HomeScenarios › Audit week
SCENARIO: AUDIT WEEK

Audit week: what exactly is on that machine?

The evidence request doesn't care how good your memory is. This is the week the difference between an intended state and a signed-off record stops being academic.

The question that starts the week

The evidence request lands, and somewhere around item twelve it asks: describe the standard configuration applied to end-user devices, including any hardening, and provide evidence of when it was applied and who approved it.

You are not worried about the machines. You are worried about the word evidence. The estate is probably fine — the problem is proving it, this week, to someone whose job is not to take your word for it.

Reconstruction is not a record

Here is how that question usually gets answered:

Each of these describes the estate's intended state. None of them is a record of what was deployed, when, and on whose approval. That gap — between here is our current policy set and here is what we built, and here is the sign-off — is exactly the gap an auditor is trained to probe.

The plan you approved is the record

Decolla builds Windows devices through your own Microsoft Intune and Autopilot tenant — and it refuses to run anything until a plan exists.

The wizard defines the build up front: platform, chassis, scenario and make, then configuration, then selection from a curated catalogue of 260+ pre-built, industry-tested items across 21 sections — policies, scripts and fixes, filtered for relevance and defaulted by a conditional engine, so OEM tooling follows the make, power configuration follows the chassis, and hardening is part of the build rather than an afterthought.

The output is an itemised, written plan. Every line states what will be applied, how it will be delivered, and its reversibility class — from automatically reversible through to irreversible, with irreversible items flagged before you approve anything. Nothing runs until you have read the plan and approved it. Then deployment runs unattended, in your tenant.

That document — the itemised plan plus your approval — is the audit artefact. When the evidence request asks what the standard configuration is and who approved it, you are not reconstructing. You are attaching.

What it proves — and what it doesn't

Worth being precise here, because your auditor will be:

A record that states its own limits plainly tends to survive scrutiny better than one that claims everything.

Built on the answering side of the table

Decolla is a product of The Cloud Platform Ltd, a working UK IT consultancy — the kind of business that sits on the answering side of these evidence requests, not the asking side. The plan-first design exists because reconstruction from memory is a poor way to spend audit week, and everyone who has done it knows it.

Decolla is currently in private build. If a device build whose paperwork exists as a by-product of doing the build would change your next audit week, the early-access waitlist is open below.

See it on a real device.

Decolla is in private build — early-access members see a build defined, deployed and rolled back first.

Get early access