[skywhopper]

Endpoint management are backdoors that allow IT to monitor every file on disk, every network connection opened, every program run, and every action taken on a company-owned workstation, as well as allowing full control over the system including installing and removing programs; creating, editing, and deleting files; viewing what's happening on the screen; and shutting things down entirely if desired.

[dijit]

Piecemeal response, but endpoint managers are really there to ensure:

1) That the device is compliant with whatever security standards (AV is running, no weird user accounts that are admins etc;)

2) That if the machine is lost || fails to check in: it is wiped.

3) That if security standards change; those changes can be rolled out.

4) That activity on the device is somewhat logged, not to great extent but: Login Events (and what factor was used), if Admin elevation was called; if a strange executable was executed. etc; These logs are only useful in certain circumstances and I've never seen anyone actually use them outside of arbitration.