[dijit]

Piecemeal response, but endpoint managers are really there to ensure:

1) That the device is compliant with whatever security standards (AV is running, no weird user accounts that are admins etc;)

2) That if the machine is lost || fails to check in: it is wiped.

3) That if security standards change; those changes can be rolled out.

4) That activity on the device is somewhat logged, not to great extent but: Login Events (and what factor was used), if Admin elevation was called; if a strange executable was executed. etc; These logs are only useful in certain circumstances and I've never seen anyone actually use them outside of arbitration.