Earlier this year, Smart Access shared that we would begin reviewing VPN device data to better understand the security posture of devices connecting to university resources.
That work is now producing measurable baseline insights.
This article builds on our January update, which outlined our visibility-first approach.
Why we collected this data
Before considering any policy or enforcement decisions, we needed to answer a basic question:
What is the current state of device hygiene across devices accessing VPN?
Audit mode was enabled across:
- DoIT VPN
- CALS – Genetics (Pilot partner)
- All WiscVPN services (as of December 22, 2025)
Audit mode collects Host Information Profile (HIP) signals without enforcing access restrictions. The goal is visibility, not enforcement. More details on audit mode are available in this KB article.
The checks align with UW-526 endpoint management standards and focus on:
- Supported operating system versions
- Patch recency (updates installed within 90 days)
- Active antivirus/Endpoint Detection and Response (EDR) presence
More detailed compliance definitions are available in this KB article.
Scope of initial data
From a single-day VPN sample:
- 3,670 unique devices
- 3,616 unique users
Since December 22, 2025 (WiscVPN audit-mode enablement):
- 16,117 unique devices
- 13,878 unique users
Single-day compliance snapshot
The following is compliance snapshot data from a single day – Friday, February 20, 2026.
Across all devices:
- 17.61% were non-compliant with baseline endpoint standards.
Breakdown of non-compliance drivers:
- 3.41% running unsupported operating systems
- 10.29% missing operating system updates older than 90 days
- 4.75% failing antivirus/EDR compliance checks
The primary driver of non-compliance is patch recency, not unsupported operating systems or missing antivirus.
This confirms what many IT professionals have described: maintaining consistent patch levels across diverse environments remains challenging.
BYOD (bring your own device) concentration
Note: BYOD is currently defined as any device that is neither joined to Campus Active Directory nor has BigFix or Workspace ONE installed with a UW–Madison configuration. At this time, Android, iOS, and Linux devices are included in the BYOD device list.
The data shows uneven distribution of compliance gaps:
- 50.88% of total devices are BYOD
- 75.78% of non-compliant devices are BYOD
This does not mean unmanaged devices are inherently unsafe. It does indicate greater variability in patching and endpoint tooling across unmanaged populations.
Understanding this distribution helps inform where communication, automation, or support may have the greatest impact.
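As an added illustration (not the university's tooling or data), the following Python example applies the three audit checks and the BYOD definition above to constructed device records and computes the same kinds of percentages reported in this article. The `Device` fields, check names, and sample fleet are assumptions made for the example; real HIP reports have their own schema.

```python
from dataclasses import dataclass
from datetime import date, timedelta

PATCH_WINDOW = timedelta(days=90)  # "updates installed within 90 days"

@dataclass
class Device:  # hypothetical record; field names are assumptions, not a HIP schema
    name: str
    os_supported: bool           # outcome of the supported-OS-version check
    last_os_update: date         # install date of the most recent OS update
    av_edr_active: bool          # antivirus/EDR present and active
    ad_joined: bool = False      # joined to Campus Active Directory
    managed_agent: bool = False  # BigFix or Workspace ONE with campus configuration

    @property
    def byod(self) -> bool:      # BYOD = neither AD-joined nor agent-managed
        return not (self.ad_joined or self.managed_agent)

def failed_checks(d: Device, as_of: date) -> set[str]:
    checks = {"unsupported_os": d.os_supported,
              "patch_recency": as_of - d.last_os_update <= PATCH_WINDOW,
              "av_edr": d.av_edr_active}
    return {name for name, passed in checks.items() if not passed}

def snapshot(devices: list[Device], as_of: date) -> dict[str, float]:
    results = {d.name: failed_checks(d, as_of) for d in devices}
    bad = [d for d in devices if results[d.name]]  # failed at least one check
    def pct(n: int, total: int) -> float:
        return round(100 * n / total, 2) if total else 0.0
    report = {"non_compliant": pct(len(bad), len(devices)),
              "byod_of_total": pct(sum(d.byod for d in devices), len(devices)),
              "byod_of_non_compliant": pct(sum(d.byod for d in bad), len(bad))}
    for check in ("unsupported_os", "patch_recency", "av_edr"):
        report[check] = pct(sum(check in f for f in results.values()), len(devices))
    return report

AS_OF = date(2026, 2, 20)  # snapshot date used in the article
FLEET = [  # constructed sample records, not real devices
    Device("lab-win-01", True, date(2026, 2, 10), True, ad_joined=True),
    Device("staff-mac-02", True, date(2025, 10, 1), True, managed_agent=True),
    Device("home-mac-03", False, date(2025, 9, 15), True),
    Device("home-win-04", True, date(2026, 1, 30), False),
    Device("phone-05", True, date(2026, 2, 1), True),
]

if __name__ == "__main__":
    for key, value in snapshot(FLEET, AS_OF).items():
        print(f"{key}: {value}%")
```

In this constructed fleet one device fails two checks, so the per-check percentages add up to more than the overall non-compliant percentage.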
macOS observations
macOS devices show higher-than-average compliance gaps in two areas:
- 6.90% running unsupported operating systems
- 26.67% missing OS updates older than 90 days
This mirrors concerns raised by IT partners that achieving timely macOS patch compliance is challenging given existing endpoint management capabilities.
What this data is — and is not
This data represents:
- A baseline snapshot
- Visibility into real device posture
- A starting point for measurable improvement
It does not represent:
- An enforcement decision
- A new compliance requirement
- A change to VPN access policy
Currently, we have no plans for enforcement, and it remains out of scope for this phase of work.
The current phase focuses on auditing and, in later phases, piloting user notifications on DoIT and Genetics VPNs — not restricting access.
Why this matters
Zero Trust maturity requires moving from assumptions to evidence.
These data points allow the university to:
- Quantify device hygiene trends.
- Identify concentration areas for risk reduction.
- Define measurable objectives and outcomes.
- Evaluate whether notifications or automation improve compliance over time.
This moves the Devices pillar from a primarily manual and reactive model toward systematic visibility and analytics. Visibility first. Informed decisions next.
Additional updates will be shared as pilot notification efforts mature and trends are evaluated over time.
