BastionSec
Managed security · Devices & Endpoints

Every company laptop and phone: configured, encrypted, patched and under control.

We put your devices under MDM with a CIS security baseline, automatic patching, disk encryption and managed EDR. A lost or compromised device doesn't become a crisis. We configure and manage: the hardware is yours to choose.

  • MDM across the whole fleet: laptops and phones on a consistent baseline.
  • Disk encryption and remote wipe: a lost device isn't a data breach.
  • Transparent per-device monthly fee. 'On request' for large fleets.

Who this is for

The 'missing middle': startups and SMBs with a growing laptop fleet but no in-house IT/security team to run it. Sound familiar?

Laptops scattered and unconfigured

Everyone has a computer set up their own way, with no guaranteed encryption or updates. We bring it all to a baseline.

Remote work and BYOD

The team works from anywhere, on company and personal devices. You need rules, encryption and verifiable compliance.

An audit asks for endpoint evidence

ISO 27001 or a client wants proof of encryption, patching and EDR. We provide it, with compliance reports.

What 'managed devices' means

Devices (laptops, desktops, phones) are where company data meets the real world: they get lost, stolen, hit by malware. Without central management, every device is a potential breach.

We configure and manage the fleet through an MDM platform: each device is enrolled, brought to a security baseline, kept up to date and monitored. The hardware is yours to choose and buy: we secure it and keep it compliant over time.

What's included

  • MDM enrollment of laptops and phones (macOS, Windows, iOS, Android) with automatic configuration.
  • Security baseline following the CIS Benchmarks for each operating system.
  • Patch management: OS and application updates applied and verified, not left to the individual user.
  • Disk encryption (FileVault / BitLocker) enforced and monitored across the whole fleet.
  • Managed EDR (Endpoint Detection & Response): threat detection on the endpoint, with alert triage.
  • Endpoint compliance: policies on screen lock, local firewall, unauthorised software.
  • Remote wipe and lock for lost or stolen devices.
  • Periodic compliance reports, useful for audits and certification paths.

How it works

A staged method. People define and validate the baselines; MDM enforces them and collects evidence automatically.

  1. Assessment

    We inventory existing devices and assess their state: encryption, updates, exposure.

  2. Baseline & hardening

    We define CIS policies, configure the MDM and prepare profiles for each operating system.

  3. Enrollment

    We bring devices under management and apply encryption, EDR and the baseline without disrupting work.

  4. Management & monitoring

    We keep patches and EDR current, monitor compliance and handle new devices and decommissioning.

Stack & standards

We work at the technology-category level, not locked to a single vendor: MDM/UEM platforms (unified endpoint management), EDR solutions and the OS-native encryption tools (FileVault on macOS, BitLocker on Windows).

References: CIS Benchmarks for per-OS hardening, CIS Controls for overall endpoint hygiene, and the principle of continuous compliance (device posture is checked continuously, not once). We describe technologies by category: we pick the right tools for your fleet, without claiming partnerships we don't hold.

We configure and manage. The hardware (laptops, phones) is yours to choose and buy. We secure it and keep it patched and compliant; we don't resell it.

Timeline & model

  1. Initial setup: project, typically 1-3 weeks

    Depends on fleet size and the variety of operating systems.

  2. Ongoing management: monthly per-device fee

    Patching, EDR, compliance monitoring, new enrollments and decommissioning included.

  3. Large or mixed fleets: on request

    Hundreds of devices, extensive BYOD or specific requirements: we size it together.

When you write to us we inventory your fleet and give you an honest 'from' price.

Frequently asked

Which operating systems does it support?

We manage macOS, Windows, iOS and Android via MDM, applying the appropriate CIS baseline to each. The fleet stays consistent even when it's mixed.

What's EDR and why do I need it beyond antivirus?

EDR (Endpoint Detection & Response) doesn't just block known malware: it detects suspicious behaviour, records what happens on the endpoint and lets you respond. It's the current standard for device protection.

What happens if a laptop is lost or stolen?

With MDM and disk encryption we can lock the device remotely and, if needed, wipe its data. A lost device that is encrypted and managed doesn't equal a data breach.

Do you manage personal devices (BYOD) too?

Yes, with appropriate policies: we separate the work container from personal data, apply the minimum rules and respect employee privacy. We size it for the specific case.

Is this useful for ISO 27001 certification?

Endpoint security, encryption and patch management are concrete Annex A controls. The compliance reports we produce are audit-ready evidence.

Do you have to buy the computers?

No. You choose and buy the hardware to your preferences. We enroll it, secure it and manage it over time.

Go deeper

Workspace & Identity

SSO, MFA and password manager. Identity protects access, the device protects the entry point: they go together.


Detection & Response

EDR alerts flow into monitoring and incident response on a retainer.


Zero Trust access

Device compliance posture becomes an access factor, per NIST SP 800-207.


Let's secure your devices. Talk to us.

Tell us your need: we inventory your fleet and tell you what you actually need, honestly.