AI-GENERATED REPORT

You searched for:

What is the endpoint compliance score?

Endpoint Compliance Score

Composite security posture across 6,953 managed endpoints

Built from: Datto RMM

How this report was made

Autotask PSA

Multiple data sources combined

Proxuma Power BI

Pre-built MSP semantic model, 50+ measures

AI via MCP

Claude or ChatGPT writes DAX queries, executes them, formats output

4
This Report
KPIs, breakdowns, trends, recommendations

                Ready in < 15 min

Endpoint Compliance Score

Composite security posture across 6,953 managed endpoints

The data covers the full scope of Autotask PSA records relevant to this analysis, broken down by the key dimensions your team needs for day-to-day decisions and client reporting.

Who should use this: NOC teams, asset managers, and service delivery leads

How often: Weekly for fleet reviews, monthly for lifecycle planning, quarterly for budgeting

Time saved

Device audits from RMM consoles require clicking through hundreds of screens. This report consolidates everything.

Fleet visibility

Ghost devices, storage issues, and uptime problems across the entire fleet in one view.

Lifecycle planning

Data for hardware refresh cycles, warranty tracking, and capacity planning.

Report categoryDevice & Endpoint Management

Data sourceAutotask PSA · Datto RMM · Datto Backup · Microsoft 365 · SmileBack · HubSpot · IT Glue

RefreshReal-time via Power BI

Generation timeUnder 15 minutes

AI requiredClaude, ChatGPT or Copilot

AudienceNOC teams, asset managers

Where to find this in Proxuma

Power BI › Devices › Endpoint Compliance Score

Get this report for your MSP

What you can measure in this report

Executive Summary

Antivirus Protection

Antivirus Products in Use

Patch Management

Software Compliance

Compliance by Client

Operating System Distribution

Analysis

What Should You Do With This Data?

Frequently Asked Questions

Composite Compliance Score

Total Managed Endpoints

AI-Generated Power BI Report

Endpoint Compliance Score

Composite security posture across 6,953 managed endpoints

Demo Report: This report uses synthetic data to demonstrate AI-generated insights from Proxuma Power BI. The structure, DAX queries, and analysis reflect real MSP data patterns.

1.0 Executive Summary

Composite compliance score and key metrics across 6,953 endpoints.

Composite Compliance Score

49.0%

3,410 of 6,953

Total Managed Endpoints

135,387

19.5 per device avg

Antivirus Coverage

91.1%

6,337 devices protected

Software Compliance

17.5%

1,214 devices compliant

View DAX Query — Overall compliance metrics

EVALUATE ROW("TotalDevices", COUNTROWS('BI_Datto_Rmm_Devices'), "Online", CALCULATE(COUNTROWS('BI_Datto_Rmm_Devices'), 'BI_Datto_Rmm_Devices'[Online] = TRUE()), "TotalAlerts", COUNTROWS('BI_Datto_Rmm_Alerts'))

2.0 Antivirus Protection

91.1% of endpoints have active, up-to-date antivirus. 263 devices are unprotected.

Antivirus Status	Devices	Share
Running and Up to Date	6,337	91.1%
Running, Not Up to Date	353	5.1%
Not Running	105	1.5%
No AV Detected	158	2.3%

View DAX Query — Antivirus status distribution

EVALUATE
SUMMARIZECOLUMNS(
    'BI_Datto_Rmm_Devices'[Antivirus_Status],
    "DeviceCount", COUNTROWS('BI_Datto_Rmm_Devices')
)

3.0 Antivirus Products in Use

Which AV products are deployed across the fleet.

Product	Devices	Share
Microsoft Defender	4,649	66.9%
ESET Endpoint Security (v12.1)	648	9.3%
Bitdefender GravityZone	503	7.2%
SentinelOne	266	3.8%
(No AV Detected)	246	3.5%
Elastic Security	108	1.6%
Malwarebytes Endpoint Protection	75	1.1%
ThreatLocker	53	0.8%

View DAX Query — Antivirus product breakdown

EVALUATE
TOPN(8,
    SUMMARIZECOLUMNS(
        'BI_Datto_Rmm_Devices'[Antivirus_Product],
        "Cnt", COUNTROWS('BI_Datto_Rmm_Devices')
    ),
    [Cnt], DESC
)

4.0 Patch Management

13,369 patches approved and waiting for install. 16,093 patches still require review.

Patch Status	Devices	Share
Fully Patched	3,388	48.7%
Approved, Pending Install	2,067	29.7%
Reboot Required	855	12.3%
Not Installed	262	3.8%
Install Failed	172	2.5%
Installed, Pending Reboot	158	2.3%
(Not Reported)	51	0.7%

Patches Installed

37,803

56.2% of total

Patches Pending

13,369

Approved, waiting install

Not Approved

16,093

Require review

View DAX Query — Patch status per device

EVALUATE
SUMMARIZECOLUMNS(
    'BI_Datto_Rmm_Devices'[Patch_Status],
    "Cnt", COUNTROWS('BI_Datto_Rmm_Devices')
)
ORDER BY [Cnt] DESC

5.0 Software Compliance

Only 17.5% of devices meet the managed software policy. 2,270 endpoints have no software management at all.

Software Status	Devices	Share
Compliant	1,214	17.5%
Not Compliant	3,469	49.9%
Unmanaged	2,270	32.6%

View DAX Query — Software compliance distribution

EVALUATE
SUMMARIZECOLUMNS(
    'BI_Datto_Rmm_Devices'[Software_Status],
    "DeviceCount", COUNTROWS('BI_Datto_Rmm_Devices')
)

6.0 Compliance by Client

Top 10 clients ranked by endpoint count, with AV rate, software compliance, and outstanding patch issues.

Client	Endpoints	AV Rate	SW Compliance	Patch Issues
Whitfield-Novak Group	1,355	96.7%	2.7%	590
Anderson Partners	715	95.4%	0.0%	369
Harper-Collins LLC	481	96.3%	0.0%	184
Mitchell & Associates	350	93.4%	44.3%	124
Wall PLC	320	97.2%	40.3%	123
Henderson, Blake and Shaw	207	87.0%	55.6%	47
Leach, Cooper and Wells	157	70.1%	0.0%	38
Richards, Parker and Grant	142	100.0%	31.0%	50
Price-Gomez	127	73.2%	44.1%	84
Barrett, Contreras and Rios	145	86.9%	55.2%	45

View DAX Query — Per-client compliance metrics

EVALUATE
TOPN(10,
    SUMMARIZECOLUMNS(
        'BI_Datto_Rmm_Devices'[Site_Name],
        "DeviceCount", COUNTROWS('BI_Datto_Rmm_Devices'),
        "AVRunning", CALCULATE(COUNTROWS('BI_Datto_Rmm_Devices'),
            'BI_Datto_Rmm_Devices'[Antivirus_Status] = "RunningAndUpToDate"),
        "SWCompliant", CALCULATE(COUNTROWS('BI_Datto_Rmm_Devices'),
            'BI_Datto_Rmm_Devices'[Software_Status] = "Compliant"),
        "PatchPending", CALCULATE(COUNTROWS('BI_Datto_Rmm_Devices'),
            'BI_Datto_Rmm_Devices'[Patch_Status] = "ApprovedPending"),
        "PatchReboot", CALCULATE(COUNTROWS('BI_Datto_Rmm_Devices'),
            'BI_Datto_Rmm_Devices'[Patch_Status] = "RebootRequired")
    ),
    [DeviceCount], DESC
)

7.0 Operating System Distribution

Top 10 operating systems across the managed fleet.

Operating System	Devices	Share
Windows 11 Enterprise (22H2)	1,174	16.9%
Windows 11 Enterprise (23H2)	1,015	14.6%
Windows 11 Business (23H2)	829	11.9%
Windows 11 Enterprise (24H2)	797	11.5%
Windows 11 Pro (24H2 Preview)	547	7.9%
Windows 11 Enterprise (26200)	419	6.0%
Windows 11 Pro (23H2)	422	6.1%
Windows 11 Pro (26200)	341	4.9%
Windows 11 Pro (24H2)	316	4.5%
(Not Reported)	145	2.1%

View DAX Query — OS distribution

EVALUATE
TOPN(10,
    SUMMARIZECOLUMNS(
        'BI_Datto_Rmm_Devices'[Operating_System],
        "Cnt", COUNTROWS('BI_Datto_Rmm_Devices')
    ),
    [Cnt], DESC
)

8.0 Analysis

The composite compliance score of 56.3% tells a mixed story. Antivirus coverage is the strongest dimension at 91.1%: most devices have active, current AV definitions. That is the baseline you would expect from a managed fleet.

Patching tells a different story. While 37,803 patches are installed, there are still 13,369 approved patches waiting for deployment. Another 16,093 patches have not been approved yet, which means they are stuck in a review backlog. The 855 devices requiring a reboot to complete patching represent a quick win: those patches are already downloaded and just need a restart cycle.

Software compliance is the weakest link. At 17.5%, fewer than one in five devices pass the managed software policy. Nearly half the fleet (3,469 devices) is flagged as non-compliant, and 2,270 devices are completely unmanaged. This gap usually comes from inconsistent software management policies across clients or legacy devices that were never onboarded properly.

The client-level breakdown shows that compliance is uneven. Some clients maintain strong AV coverage but have almost zero software compliance, which suggests the AV agent was deployed but no software baseline was set. Other clients have high patch backlogs relative to their device count, pointing to maintenance windows that are too narrow or devices that stay offline during scheduled patching runs.

9.0 What Should You Do With This Data?

Prioritized steps to improve your composite compliance score.

Reboot 855 devices to complete patching

These endpoints have patches downloaded and installed but need a restart to finalize. Schedule a forced reboot window or notify end users. This is the fastest path to improving your patch posture.

Investigate 263 devices with no active AV

105 devices report AV as "not running," and 158 have no AV detected at all. These are your highest-risk endpoints. Verify AV agent deployment and check for conflicts with other security tools.

Clear the patch approval backlog (16,093 patches)

Over 16,000 patches are waiting for approval. Set up auto-approval rules for critical and security patches, with a manual review process only for feature updates and driver patches.

Define software baselines for the 2,270 unmanaged devices

Nearly a third of the fleet has no software management policy applied. Create per-client software baselines and push them through your RMM. Focus on the largest clients first for maximum impact.

Standardize AV products across the fleet

There are over 40 different AV products in the environment. Standardizing on one or two products reduces management overhead, simplifies alerting, and makes it easier to verify coverage.

10.0 Frequently Asked Questions

How is the composite compliance score calculated?

The score is a weighted average of three dimensions: antivirus coverage (40%), patch compliance (30%), and software compliance (30%). Each dimension measures the percentage of devices that meet the target state. The current score of 56.3% reflects strong AV coverage offset by lower patch and software compliance.

Where does this data come from?

All endpoint data is pulled from the Datto RMM agent telemetry. The RMM agent reports antivirus status, patch levels, and software inventory. This data is synchronized to Power BI through the Proxuma data pipeline and refreshed daily.

What counts as software compliant?

A device is software compliant when all installed software matches the managed software policy defined in Datto RMM. Devices marked "Not Compliant" have software that deviates from the policy. "Unmanaged" devices have no software policy assigned at all.

Why are there so many unapproved patches?

The 16,093 unapproved patches are waiting in the review queue. This typically happens when auto-approval rules are not configured or are set too conservatively. Setting auto-approval for critical and security patches while keeping manual review for drivers and feature updates is a common middle ground.

How often is this report updated?

The underlying data refreshes daily through the Proxuma Power BI pipeline. You can regenerate this report at any time using the MCP integration to get the latest numbers.

Generate this report from your own data

Connect Proxuma Power BI to your PSA, RMM, and M365 environment, use an MCP-compatible AI to ask questions, and generate custom reports - in minutes, not days.

See more reports Get started