# Staff Devices

The **Staff Devices** section in Sprinto helps you monitor and manage the security posture of all workforce devices accessing your organisation’s systems. It offers a centralised view of reported device statuses and ensures every device complies with your security and compliance policies.

Sprinto supports both **automated** and **manual** device health reporting across employees, contractors, interns, and consultants. Based on reported data, the platform runs compliance checks and flags failing conditions such as outdated operating systems, missing encryption, inactive antivirus, or screen lock issues.

***

### Key Features

* **Real-time MDM visibility**: View device reporting across native (Dr. Sprinto) and third-party MDMs such as Intune, JAMF, Kandji, and more.
* **Multiple reporting modes**:
  * *Dr. Sprinto*: Sprinto’s built-in MDM solution for device scanning and status sharing.
  * *Third-party MDM integrations*: Connect your existing provider and sync statuses.
  * *Manual monitoring*: Set up workflow checks and upload device evidence manually.
* **Automated compliance checks**: Monitor common device hygiene parameters—OS updates, encryption, antivirus, screen lock, firewall, and more.
* **Scoping logic**: Categorise devices as *Active*, *Inactive*, or *Not-in-Scope* to maintain audit accuracy.
* **Mapped frameworks**: Device status checks are linked to compliance frameworks such as ISO 27001, SOC 2, PCI DSS, and GDPR.

***

### Device Scoping

All reported devices are classified as:

<table><thead><tr><th width="131.1015625">Scope</th><th width="554.5">Description</th></tr></thead><tbody><tr><td><strong>Active</strong></td><td>Devices with recently synced health status via MDM or manual uploads.</td></tr><tr><td><strong>Inactive</strong></td><td>Devices marked as unused or whose reporting has expired.</td></tr><tr><td><strong>Not-in-Scope</strong></td><td>Devices temporarily excluded from monitoring due to replacement, reassignment, or onboarding.</td></tr></tbody></table>

Sprinto automatically fails compliance checks if device health status is missing or out of date based on your reporting cadence.

***

### Use Cases

<table><thead><tr><th width="183.05859375">Team</th><th>Use Case</th><th>Example</th></tr></thead><tbody><tr><td><strong>IT Admins</strong></td><td>Monitor endpoint compliance via MDM</td><td>Track if all company-issued devices have antivirus and disk encryption enabled.</td></tr><tr><td><strong>Security Teams</strong></td><td>Perform security gap analysis across staff devices</td><td>Identify which devices are missing auto screen lock or up-to-date OS patches.</td></tr><tr><td><strong>Compliance Officers</strong></td><td>Demonstrate device-level evidence during audits</td><td>Use mapped controls to show device compliance against frameworks like ISO 27001 or SOC 2.</td></tr><tr><td><strong>HR / Operations</strong></td><td>Manage device scoping during offboarding</td><td>Mark devices as not-in-scope when staff are offboarded or roles change.</td></tr><tr><td><strong>Remote Workforce Teams</strong></td><td>Enable manual compliance for BYOD users</td><td>Use workflow checks to manually upload evidence from non-MDM managed staff devices.</td></tr></tbody></table>

***

### What You Can Do

* Set up Dr. Sprinto or integrate a third-party MDM tool.
* Manually configure workflow checks and assign reviewers.
* Upload device health evidence per compliance check.
* Track failed, passed, or pending checks per user/device.
* Scope/un-scope devices as operational needs change.
* View all checks under the **Monitoring** tab and take corrective action.

***

### Mapped Controls and Frameworks

Each device-related check is mapped to one or more controls under your connected compliance frameworks. Sprinto helps you surface exactly which control is impacted when a device status fails.

Example checks include:

* *Staff device OS is up to date*
* *Disk encryption should be enabled*
* *Screenlock should be enabled*
* *Antivirus should be running*
* *Reported device needs to be mapped to a staff*