The Vanta agent checks four things on a laptop: whether the disk is encrypted, whether a password manager is installed, whether antivirus is running, and whether the screen locks on its own. That is the entire job. It is a lightweight background program that reports those signals back to Vanta so your compliance evidence stays current without anyone emailing screenshots to an auditor.
Most of the confusion around it comes from one of two directions: people expect it to manage their fleet like a full device-management platform, or they worry it reads far more than it does. Neither is true, and the gap between those two assumptions is where this guide lives.
What follows covers what the agent collects, what it deliberately ignores, how it talks to the Vanta platform, how it stacks up against a full MDM, and which compliance frameworks the evidence ends up supporting.
What Is the Vanta Agent?
The Vanta agent is a small program installed on employee computers to continuously confirm that each device meets a short list of security requirements. If you have seen it referred to as the Vanta Device Monitor, that is the same product under an earlier name. The two terms are interchangeable.
Under the hood, it runs a hardened build of osquery, an open-source framework that exposes operating system state as a queryable SQL database. Vanta ships a modified version that strips out the tables it considers risky, which is why the agent can read a disk-encryption flag but cannot pull your browser history or SSH keys.
It is read-only by design. It inspects configuration and reports back; it never changes a setting on the machine. Vanta positions it primarily for smaller fleets, generally companies running fewer than about 75 devices, where standing up a full management platform would be overkill.
What Does the Vanta Agent Do?
The agent exists to turn a recurring manual chore — proving that every laptop is configured securely — into something that happens quietly in the background.
Continuous Device Monitoring
Once installed, the agent keeps tabs on the device’s security posture on an ongoing basis rather than at a single point in time. This matters because audits care about whether a control held throughout the period, not whether it happened to be true the morning someone took a screenshot. Continuous checks caught the laptop with encryption switched off last Tuesday.
Automated Compliance Checks
Each signal the agent gathers maps to a control your auditor wants evidence for. Instead of chasing employees for proof that their disk is encrypted, the check runs automatically, and the result flows into Vanta as evidence. The work that used to eat days of an onboarding cycle collapses into a background process.
Real-Time Security Posture Tracking
The findings appear in Vanta as pass or fail states against each requirement, so a security lead can see fleet-wide compliance at a glance. A device that drifts out of compliance surfaces quickly, which shortens the window between a problem appearing and someone noticing it.
What Information Does the Vanta Agent Collect?
This is the question employees actually care about, and the honest answer is reassuring: the agent collects security configuration, not content. It does not transmit passwords, environment variables, SSH keys, emails, or browsing history. It reads whether protections are switched on, not what you are doing with the machine.
Insider Note: The reason the agent cannot snoop even if someone wanted it to is architectural, not a policy promise. Vanta deploys a modified osquery build that removes the tables capable of reading sensitive content. The dangerous queries are not blocked at the dashboard; they are absent from the binary. That distinction is worth raising directly when an employee pushes back on installation.
Operating System and Version Details
The agent records the OS and version so Vanta can confirm the device runs a supported, patchable platform. An end-of-life operating system is a control failure in its own right, and this is how it gets flagged.
Disk Encryption Status
It checks whether full-disk encryption is active — FileVault on macOS and BitLocker on Windows. This is the single most universally required device control across every major framework, which is also why it is the one Linux check the agent does support.
Screen Lock and Password Policies
The agent verifies that the screen locks automatically after a period of inactivity and that a password or equivalent is required to get back in. An unlocked laptop left on a train is a textbook breach, and this control is the cheapest defense against it.
Antivirus and Firewall Status
It confirms that antivirus or endpoint protection software is installed and running. The point is not to endorse a particular product but to prove that some recognized protection is active and has not been quietly disabled.
Installed Software and Auto-Update Settings
To detect the controls above, the agent reads the list of installed applications — for example, to confirm a password manager is present — along with update-related settings. It is reading the inventory to verify protections exist, not building a behavioral profile of the user.
How Does the Vanta Agent Work?
How the Agent Communicates with the Vanta Platform
After installation, the employee registers the device against your Vanta account, which links that machine to its owner. From then on the agent runs its checks locally and sends only the results — the pass or fail signals — up to Vanta over an encrypted connection. The raw system queries stay on the device. What travels is the verdict, not the underlying data.
How Often the Vanta Agent Runs Checks
The agent uses osquery’s scheduled-query model, meaning each check runs on a recurring interval in the background rather than continuously hammering the system. Results sync to Vanta periodically through the day, and the platform’s tests re-evaluate on a regular cadence so a freshly remediated device clears its failing check without anyone forcing a manual refresh. In practice, a fixed laptop usually shows green within hours, not at the next audit.
Getting Started with the Vanta Agent
Supported Operating Systems and Versions
The agent supports current versions of macOS and Windows, plus several Linux distributions — primarily Ubuntu and close relatives — on the condition that the device exposes a stable, unique hardware identifier. There is one significant caveat on Linux: the agent can only check disk encryption there. Screen lock, antivirus, and password-manager detection are not available on Linux, so those controls will need manual evidence or MDM coverage on Linux machines.
How to Install the Vanta Agent
Installation is a per-device download. The employee logs into Vanta during onboarding, downloads the installer for their operating system, runs it with administrator rights, and completes a short browser-based registration that ties the device to their account. No additional configuration is needed; the agent arrives ready to work with your account.
Pro Tip: Two avoidable issues cause most failed installs. The installer needs administrator permissions, so run it as admin from the start. It also opens a browser window to finish registration, which means a machine with no default browser set will hang and time out. Set a default browser before you begin, and temporarily pause aggressive antivirus that may block the install.
Assigning Device Monitoring Tasks to Personnel
Rather than chasing installs individually, you assign a “Require device monitoring” task to the relevant employee group in Vanta. With the prompt option enabled, employees are walked through installing the agent themselves, and the task passes automatically once their computer registers. For teams using an MDM instead, you can assign the same requirement without prompting for the agent.
Vanta Agent vs. Mobile Device Management (MDM) Solutions
The agent and an MDM solve overlapping problems with very different scope. The agent is a compliance-evidence sensor. An MDM is a management platform that can also enforce and remediate. Understanding where that line sits will save you from reaching for the wrong tool.
The agent reads configuration and reports it; it cannot push a fix. An MDM can lock a device remotely, enforce a policy centrally, and wipe a machine that has gone missing. At the same time, an MDM typically requires more infrastructure, more administrative overhead, and meaningful per-seat cost. The agent, by contrast, is included in Vanta’s platform and takes minutes to deploy.
The practical dividing line is fleet size and risk appetite. For a team of twenty, the agent usually provides everything a SOC 2 auditor needs at the device level. For a team of two hundred spread across multiple office locations, the inability to remotely enforce or remediate becomes a genuine gap — and that is where a full MDM earns its keep.
When to Use the Vanta Agent
Reach for the agent when you are a smaller or earlier-stage company that needs solid compliance evidence without the cost and administrative weight of a management platform. It is also the right tool for filling coverage gaps — such as the Windows laptops your macOS-only MDM cannot see.
When to Use an MDM Integration Instead
As the fleet grows, the limits of a read-only sensor start to show. An MDM lets you enforce configuration rather than just observe it, push fixes centrally, and manage devices at a scale where chasing individual installs stops being realistic. Larger organizations and anyone needing remote lock or wipe should lean on an MDM as the system of record.
Using Both Together
These are not mutually exclusive. A common pattern is to run an MDM as the primary monitoring source and keep the agent as a secondary option for devices the MDM does not cover. If a computer reports through both, Vanta simply shows both sources. You get the enforcement of the MDM where it reaches and the agent’s coverage everywhere else.
Integrating the Vanta Agent with Your Existing Tools
MDM Integrations Supported by Vanta
Vanta connects with several widely used MDM platforms, including Jamf, Kandji, and JumpCloud, configured from the Integrations page in your dashboard. When an MDM is connected, devices it manages stay visible for monitoring without the agent installed, and unmonitored-device tracking adjusts accordingly. The choice between sources is yours to set per task.
Viewing and Managing Company Computers in Vanta
The Computers page is the single view of every device under monitoring, whether the data comes from the agent or an MDM. Each row shows a machine, its owner, and a column of check marks or X’s — one per security control. A green check means the control is met; an X means it is not. Clicking a user opens their fuller profile, including onboarding and access status alongside their device details.
Which Compliance Frameworks Does the Vanta Agent Support?
A clarification first, because this is where expectations run ahead of reality. The agent does not “support a framework” the way a product supports a file format. It supplies one category of evidence — endpoint security configuration — that maps to specific controls inside many frameworks. The frameworks themselves are far broader, covering policies, access management, vendor risk, and much more that has nothing to do with a laptop.
SOC 2
SOC 2, defined by the AICPA, is built around five Trust Services Criteria, and the device controls the agent checks feed directly into the Security criterion. Encryption, access control, and endpoint protection evidence are routine asks in a SOC 2 audit, and the agent automates the device-level portion of that.
ISO 27001
ISO/IEC 27001 is the international standard for information security management systems. Its Annex A controls include explicit expectations around endpoint security and cryptography, and the agent’s encryption and protection checks line up with those control objectives.
HIPAA
For organizations handling protected health information, the HIPAA Security Rule, administered by the U.S. Department of Health and Human Services, requires safeguards for electronic PHI. Device encryption and access controls are core technical safeguards, and the agent provides ongoing evidence that they are in place.
GDPR
The General Data Protection Regulation requires appropriate technical measures to protect personal data, with encryption named explicitly as an example in Article 32. The agent’s monitoring helps demonstrate that devices touching EU personal data meet that bar on an ongoing basis.
FedRAMP
FedRAMP governs cloud services used by U.S. federal agencies and is the most demanding of the group by a wide margin. Worth flagging: in 2026 the program shifted its core terminology, now describing approved services as FedRAMP certified rather than authorized. The agent’s device evidence is a small input into a far larger continuous-monitoring obligation here — not anything close to the whole picture.
Important: Installing the agent and turning every check green does not make you compliant with any of these frameworks. The device controls are one slice of evidence among dozens. Treating a fully green Computers page as “we passed SOC 2” is the most common misread of what the agent actually buys you.
Conclusion
The agent is a focused tool that does one job well: it keeps your device-security evidence current and honest without manual effort. It reads configuration, never changes it, and reports only verdicts rather than content. For smaller fleets it can carry the device-monitoring load on its own; for larger ones it works best as a complement to an MDM. Match it to your fleet size and your framework’s real requirements, and it quietly removes one of the more tedious parts of staying audit-ready.
Frequently Asked Questions About the Vanta Agent
Is the Vanta Agent the Same as the Vanta Device Monitor?
Yes. They are two names for the same software. Older documentation and some installers refer to the Vanta Device Monitor, while the agent is the current name. There is no functional difference.
Does the Vanta Agent Access Personal Data?
No. It does not transmit passwords, emails, browsing history, environment variables, or SSH keys. It reads security-configuration flags — such as whether encryption is on — and reports the results. The sensitive osquery tables are removed from the build entirely.
Can Employees See What the Vanta Agent Is Collecting?
Yes, and this is a useful point to share with skeptical staff. Because the agent runs osquery, a technically inclined employee can inspect the exact set of queries it executes on their machine using the agent’s command-line tools. Nothing about what it checks is hidden.
What Happens If an Employee's Device Fails a Check?
The device shows an X against the failing control on the Computers page, and the corresponding Vanta test flags as failing. Remediation is usually straightforward — for example, switching encryption back on — and once the agent’s next check picks up the fix, the status clears on its own.
Is the Vanta Agent Available for Linux?
Partially. The agent runs on several Linux distributions, mainly Ubuntu and close variants, but it can only check disk encryption there. Screen lock, antivirus, and password-manager detection are not supported on Linux, so those controls need manual evidence or an MDM for Linux devices.
How Do I Know the Vanta Agent Is Running?
The agent includes a built-in diagnostic tool — run via its command-line interface as vanta-cli doctor — which checks for common problems and reports what it finds. On Windows you run it from an administrator command prompt. The device also appearing on your Computers page is the simplest confirmation that it is reporting.
Can the Vanta Agent Be Deployed at Scale?
It can be pushed to many machines, including through MDM-delivered install scripts, but Vanta recommends it mainly for fleets under roughly 75 devices. Beyond that size, a dedicated MDM is the better backbone, with the agent filling gaps the MDM cannot reach. Scale is exactly the line where most teams graduate from the agent to an MDM-first setup.