🖥️ SBCMSP Agent (Windows)

Windows Internal
Agent
Assess From the Inside

External scans see the perimeter; the SBCMSP Agent sees what's actually happening on client machines. The lightweight Windows agent runs 200 checks across 14 modules — patching, encryption, configuration hardening, backups, Active Directory, GPO, Hyper-V, SQL Server, and login anomalies — then maps the results straight into your compliance reports. A Linux build ships from the same install bundle.

→ Start Free Trial See How It Works
Internal Agent Results WIN-CLIENT-01
88
B
internal safeguards assessed
BitLocker Encryption ENABLED
Windows Patch Level CURRENT
SMB Signing ENABLED
Backup Status REVIEW
Local Admin Hardening PASS
Generated May 24, 2026 · live monitoring active
Why It Matters

The Risks That Don't Show From Outside

An external scan can't tell you whether a client's laptops are encrypted, whether Windows is patched, whether backups are actually running, or whether local administrator accounts are hardened. Those internal controls are where a great deal of real risk lives — and where most compliance frameworks focus.

Checking them manually means remoting into machines one by one, which doesn't scale across a client base and is rarely done consistently.

SBCMSP's internal agent automates that inspection. Run it on client Windows machines and it reports encryption, patching, configuration hardening, backup status, and Active Directory posture — then maps each result to the relevant compliance controls.

01 Lightweight & Pre-Configured
Download a ready-to-run installer and run it as Administrator — no complex setup or infrastructure required.
02 Deep Internal Visibility
Inspect the encryption, patching, and hardening state that external scans simply cannot see.
03 Mapped to Compliance
Internal results feed directly into framework reports — CMMC, CIS, ISO, and others.
What the Agent Checks

Inside-the-Endpoint Coverage

The internal agent inspects the host-level controls that compliance frameworks care about and that perimeter scans can't reach.

ENC
Disk Encryption
BitLocker status
PATCH
Patch Level
Windows update state
CFG
Configuration Hardening
Secure-baseline checks
BKUP
Backup Status
Backup presence & health
SMB
Protocol Hardening
SMB signing and more
AD
Active Directory
Account & AD hardening
How It Works

Internal Assessment in Three Steps

Deploy the agent, run it, and the results flow straight into your reports.

⬇️
1. Download the Installer
Get a pre-configured agent installer from SBCMSP — no manual configuration needed.
🖥️
2. Run as Administrator
Run it on client Windows machines. The agent runs 200 checks across 14 modules and reports back securely.
📄
3. Results Feed Your Reports
Internal findings combine with external scan results and map into the client's compliance frameworks and dashboard.
🔄
Scheduled Re-Checks
Run the agent on a schedule so internal posture stays current and regressions surface as alerts.
📊
Portfolio View
See internal posture across every assessed machine and client from one screen.
🏷️
White-Label Reporting
Internal findings appear in branded client reports under your MSP's name.
FAQ

Common Questions About the Internal Agent

What does the internal agent check that an external scan can't?
The agent runs 200 checks across 14 modules covering host-level controls that aren't visible from outside — including disk encryption (BitLocker), Windows patch level, configuration hardening, backup status, protocol hardening like SMB signing, Active Directory and GPO, Hyper-V, SQL Server, and login anomalies.
How is the agent deployed?
You download a pre-configured installer from SBCMSP and run it as Administrator on the client's Windows machines. It's designed to be lightweight and straightforward to deploy without dedicated infrastructure.
Does it run continuously or on demand?
The agent can be run on a configurable schedule so internal posture stays current, with regressions surfacing as alerts — and it can also be run on demand.
How do internal results connect to compliance?
Internal findings are mapped to the relevant compliance frameworks and combined with external scan results, so a client's report reflects both their perimeter and their endpoint posture. Reports carry your branding on white-label plans.

See What's Really Happening on Client Machines

Deploy the internal agent and bring endpoint posture into your compliance reports.

→ Start Free Trial