IT Device Audit is a battle-tested fleet audit system packaged as an OpenTechnologyApp project template. It started life as a Google Sheet + Apps Script reconciling a real ~145-device healthcare fleet — JumpCloud against SentinelOne, browser management, and asset inventory — and now ships as three queues, working automations, and step-by-step remediation playbooks you can import in one click.
The template directory is going open source on GitHub — watch the org for the repo.
What it catches
Every check the original system ran weekly (or continuously) becomes a tracked item with a Run Status and flagged count:
- T1 — Security blockers: devices missing the EDR agent, EDR ghosts not in MDM, critical health flags from device-side telemetry, Microsoft-account policy violations
- T2 — Operational hygiene: stale devices (14-day warning band, 30-day action band), outdated OS, high uptime, hostname drift, browser-OU drift, Windows Update + Lenovo updater backlog
- T3 — Inventory completeness: orphaned devices, multi-device users, agent version drift, asset-inventory add/remove, unactivated users
Three queues, one system
| Queue | What lives there |
|---|---|
| Device Inventory | One item per device — serial, platform, agent versions, health status, days silent, decommission checkboxes |
| Audit Checks | One item per check metric, grouped by tier, with cadence + Run Status + flagged count |
| Remediation Commands | The MDM commands (EDR install/reconnect, hostname rename, compliance enforcement) as fireable, tracked items |
Automations that do real work
No advisory-comment fluff. When a device's EDR status flips to Missing, it goes urgent and lands in the P1 tier. When a check passes, it closes itself. When a returned device is marked wiped, the decommission item closes. Optional webhook automations fire MDM remediation commands directly or DM your Slack channel about a stale device — shipped disabled until you've trusted a full cycle (the dry-run discipline the original system ran on).
Playbooks: the triage workflow, encoded
Eleven runbooks auto-attach to matching item types:
- EDR gap — install vs. reconnect, per platform, with a verify step
- Stale device — confirm the user is active, reconnect or route to decommission
- Decommission — the four-system teardown (MDM, EDR, asset inventory, browser record), each step flipping a checkbox
- MS Account Compliance / Agent Versions / User Comms / Orphaned Devices — the weekly P1–P7 triage priorities as guided steps, Slack templates included
- Webhook redeploy runbook and a provider-swap checklist — the hard-won operational lessons, so the next admin doesn't relearn them
Connected to your fleet, not just describing it
Two included scripts wire the template to real infrastructure:
jumpcloud-sync.js— cron script that pulls devices from the JumpCloud API and upserts inventory items with days-silent math and status routingdevice-post-ingest.js— an inbound webhook that accepts the device-side telemetry POSTs (Windows health, Mac health, network, MS compliance — all four payload contracts), evaluates critical flags, and updates devices in place
The MDM layer is deliberately swappable: the sync script is the only JumpCloud-specific piece. Point it at Kandji, Intune, or Mosyle by mapping their API into the same normalized device shape — checks, dashboards, and playbooks don't change.
Get it
Import IT Device Audit from the template picker in OpenTechnologyApp — it's built in. The standalone template files (JSON + scripts + runbooks) are heading to the OpenTechnology14 GitHub org as an open-source directory.