Security tool

Endpoint Security Checklist

Walk through an endpoint-hardening checklist for your fleet.

0 / 20 controls met0%

High exposure

A self-assessment, not an audit: this checklist is an educational guide to common endpoint-hardening controls. Your answers stay in your browser — nothing is sent or stored. A high score here is not a substitute for a verified configuration review against your specific regulatory obligations (HIPAA, PCI, etc.).

Encryption

0/2

Full-disk encryption enabled (BitLocker / FileVault / LUKS)

Recovery key stored securely in your MDM or directory

Patching

0/3

OS automatic updates enabled and current (within 30 days)

Third-party applications patched via MDM or patch management tool

Firmware (BIOS/UEFI) updated in the last 12 months

EDR / AV

0/3

EDR or enterprise AV agent deployed and reporting to a console

Real-time protection and tamper protection enabled

EDR alerts reviewed at least weekly (by a person, not just auto-quarantine)

Identity

0/3

Local administrator accounts disabled or renamed; LAPS deployedWindows

MFA enforced for all accounts that can log into this device remotely

Users run as standard accounts; admin rights require elevation

Network

0/3

Host-based firewall enabled and blocking inbound connections by default

VPN or Zero Trust agent required for remote corporate access

Device validates network certificates; no auto-join to untrusted SSIDs

Configuration

0/4

Device enrolled in MDM (Intune, Jamf, or equivalent)

Screen lock activates after ≤5 minutes of inactivity

USB removable media is blocked or controlled via policy

Application allowlisting or controlled folder access enabled

Backup

0/2

Endpoint backup agent running; last backup within 24 hours

Backup destination is offsite (cloud) and immutable/versioned

Running this checklist across a fleet of 20+ endpoints? Elevate can audit and remediate in a single engagement. Request an assessment.

Frequently asked questions

How often should I run through the endpoint hardening checklist?

Run a full checklist audit quarterly and after any major OS update or new device deployment. For regulated industries (healthcare, legal, finance) many controls are audit requirements — not just best practices.

Do these controls apply to macOS and Linux as well as Windows?

Most categories — encryption, EDR, patch management, MFA, admin separation — apply across operating systems. A few items (BitLocker, Windows Defender settings) are Windows-specific; the checklist notes these distinctions.

Want this handled for you?

Elevate manages IT & security for regulated Los Angeles firms.

Book a strategy call