Enterprise device management consoles are powerful. They are also among the most complex interfaces in IT. A typical MDM/UEM platform exposes hundreds of configuration options across device policies, compliance rules, app deployment, patch management, and security controls. IT teams navigate nested menus, write JSON or XML configuration profiles, and cross-reference documentation to perform routine tasks.
The result is predictable: IT administrators spend roughly 70% of their time on repetitive operations pushing the same patch to the same device group, generating the same compliance report for the same audit cycle, investigating the same category of support ticket. Compliance reporting alone consumes 15 or more hours per week in many organizations, mostly spent pulling data from multiple systems and formatting it into audit-ready documents.
The insight behind ViVi was straightforward. Most MDM operations follow patterns that can be expressed in natural language. “Block personal email apps on BYOD devices in engineering” is a precise instruction. The gap is not in what the administrator knows it is in the translation from intent to the dozens of configuration fields required to execute it. ViVi closes that gap.
ViVi is an AI-powered agent embedded directly inside WeGuard, Wenable’s enterprise MDM/UEM platform. It transforms complex IT operations into natural language interactions not as a chatbot bolted onto the side, but as an integrated agent that understands device context, organizational hierarchy, and the full policy model.
The Agent Architecture
Early in development, we evaluated a monolithic agent design: a single large language model handling all queries through a unified prompt. It became clear within weeks that this approach could not scale. Device management spans too many specialized domains. A model optimized for policy configuration is not the same model you want analyzing telemetry data for hardware failure prediction. The context windows required to hold compliance regulations alongside device inventories and historical ticket data exceeded practical limits.
We adopted a multi-agent architecture with three specialized sub-agents coordinated by a supervisor.
- Policy Agent: Interprets natural language instructions and maps them to MDM configuration profiles. It understands WeGuard’s policy schema, device group hierarchies, and platform-specific constraints (iOS vs Android vs Windows vs macOS).
- Compliance Agent: Monitors device fleets against regulatory baselines, detects policy deviations, performs automated root cause analysis, and produces audit-ready reports. It maintains an internal model of compliance frameworks relevant to each customer’s industry.
- Health Agent: Ingests device telemetry battery cycles, storage utilization, OS version drift, connectivity patterns and runs ML models that predict hardware failures and recommend preventive maintenance windows.
A supervisory layer routes incoming requests to the appropriate sub-agent, handles multi-agent workflows that span domains (for example, a compliance violation that requires both a policy change and a device health check), and manages shared context.
This architecture maps directly to the 7-Layer Agentic AI Stack we published as a reference framework. The Policy, Compliance, and Health agents operate at Layer 5 (Agent Orchestration), grounded by Layer 3 (Memory, Context & Knowledge) for enterprise data retrieval, connected to WeGuard’s APIs through Layer 4 (Tools, Protocols & Integrations) via MCP servers, and governed by Layer 6 (Observability, Evaluation & Governance) for audit trails and access control.
The multi-agent design provides two practical benefits beyond specialization. First, each agent can use a different model optimized for its task the Policy Agent runs a fine-tuned SLM for fast, precise configuration generation, while the Health Agent uses a larger model for complex telemetry analysis. Second, agents can be updated independently. Shipping a new compliance framework does not require retraining or redeploying the Policy Agent.
Natural Language Policy Management
Consider the instruction: “Block all personal email apps on BYOD devices in the engineering department.”
This sentence contains five distinct operational parameters: an action (block), a target (personal email apps), a scope (BYOD devices), an organizational filter (engineering department), and an implicit device ownership model. Translating this into an MDM policy requires selecting the correct configuration profile type, identifying the app categories to restrict, applying the right device group filters, and ensuring the policy does not conflict with existing rules.
ViVi’s Policy Agent processes this through a multi-stage pipeline.
Intent classification determines the operation type (policy creation, modification, query, or deletion) and the policy domain (app management, security, network, compliance). We use a fine-tuned classifier that maps natural language instructions to WeGuard’s policy taxonomy with over 95% accuracy on production traffic.
Entity extraction identifies the specific parameters: app category (“personal email”), device filter (“BYOD”), organizational scope (“engineering department”), and action type (“block”). These entities are resolved against WeGuard’s live data confirming that an “engineering department” device group exists and contains BYOD-enrolled devices.
Policy generation produces the actual configuration profile in WeGuard’s schema. The Policy Agent generates the configuration, validates it against schema constraints, and checks for conflicts with existing active policies.
Safety verification is the final stage before execution. The agent classifies each generated policy by risk level. Low-risk operations (querying device status, generating reports) execute immediately. Medium-risk operations (modifying non-security policies) require confirmation. High-risk operations (wiping devices, modifying security baselines, bulk policy changes affecting more than 100 devices) require explicit human approval through WeGuard’s existing approval workflow.
A key engineering decision was training a fine-tuned small language model for the intent classification and policy generation stages rather than relying on a general-purpose LLM. A fine-tuned 3B parameter model trained on tens of thousands of policy configuration examples outperforms a general-purpose 70B model on this task not marginally, but significantly. The domain-specific model understands WeGuard’s policy schema natively. It does not need lengthy system prompts explaining what a “restriction profile” is or how device group inheritance works. It also runs at sub-100ms latency, which matters when an administrator is issuing a sequence of rapid commands.
Grounding in Enterprise Data
An AI agent that hallucinates a device policy is not merely unhelpful it is dangerous. A fabricated compliance report could expose an organization to regulatory penalties. An incorrect configuration pushed to a fleet of devices could lock out users or create security vulnerabilities. In device management, accuracy is not a quality metric. It is a safety requirement.
ViVi’s knowledge layer uses Retrieval-Augmented Generation to ground every response in verified enterprise data. The RAG system indexes multiple data sources, each with its own parsing and chunking strategy.
- Device documentation: Vendor-specific configuration guides, platform release notes, and API documentation for iOS, Android, Windows, and macOS management
- Policy templates: The full library of WeGuard configuration profile schemas, with parameter descriptions and valid value ranges
- Compliance regulations: Industry-specific frameworks (HIPAA, SOC 2, PCI-DSS, GDPR device management requirements) parsed into structured rule sets
- Historical tickets: Resolved support tickets and incident reports, providing precedent for common issues and their solutions
- Organizational data: Device inventory, user directories, group hierarchies, and active policy configurations pulled live from WeGuard’s data layer
We use hybrid search dense vector embeddings for semantic similarity combined with sparse keyword matching for precise technical terms. This is critical in device management, where “MDM profile” and “configuration profile” are semantically similar but “com.apple.configuration.managed” is a specific technical identifier that must be matched exactly.
The retrieval pipeline includes a verification step: before the agent presents any factual claim about a device’s status, a policy’s configuration, or a compliance requirement, the claim is checked against the retrieved source documents. If the agent cannot ground a statement in retrieved evidence, it says so explicitly rather than generating a plausible-sounding answer.
Compliance and Governance
Enterprise device management operates in regulated environments. Healthcare organizations must comply with HIPAA. Financial services with SOC 2 and PCI-DSS. Government agencies with FedRAMP and NIST frameworks. An AI agent operating in these environments must meet the same compliance standards as any other system component and in practice, it must exceed them, because AI actions require additional transparency.
ViVi’s governance layer enforces three principles.
Role-based access control (RBAC) is external to the agent. The agent does not decide what it is authorized to do. WeGuard’s existing RBAC system determines which actions are available based on the requesting user’s role. A helpdesk technician interacting with ViVi has the same permissions as they would navigating the console manually no more, no less. The agent cannot escalate its own privileges.
Human-in-the-loop is mandatory for destructive operations. Any action classified as destructive device wipes, security policy modifications, bulk configuration changes, or actions affecting production device groups requires explicit human approval. The agent presents its proposed action, the reasoning behind it, the devices affected, and the expected outcome. The administrator reviews and approves, modifies, or rejects. This is not a configurable preference. It is a hard architectural constraint.
Every action generates a complete audit trail. Each ViVi interaction is logged with the requesting user’s identity, the natural language instruction, the agent’s interpretation, the specific actions taken, the devices affected, timestamps, and an AI-generated explanation of the reasoning chain. The Compliance Agent can query these audit logs to generate compliance reports that include AI-assisted actions alongside manual ones, providing auditors with full traceability.
The audit trail serves a second purpose: continuous evaluation. We analyze the logs to identify patterns queries the agent struggles with, actions that are frequently modified after review, policy generations that require correction. This feedback loop drives improvements to the fine-tuned models and retrieval pipeline.
Impact and Lessons Learned
ViVi has been operating inside WeGuard across multiple customer environments. The measurable impact has validated the multi-agent architecture and the investment in domain-specific fine-tuning.
- 70% reduction in routine device management tasks. Operations that previously required navigating multiple console screens policy creation, device group management, configuration updates are now handled through natural language commands.
- 15+ hours per week saved on compliance reporting. The Compliance Agent generates audit-ready reports automatically, pulling data from device inventories, policy configurations, and historical compliance records. What previously required manual data aggregation across multiple systems now takes a single request.
- 45% reduction in support tickets. The Health Agent’s predictive models identify devices trending toward failure or non-compliance before they generate support tickets. Proactive alerts and automated remediation suggestions address issues before end users are affected.
- Non-technical staff participation in IT operations. Department managers can now query device status and request standard configurations without submitting IT tickets. The natural language interface has broadened the pool of people who can interact with the MDM platform, while RBAC ensures they can only perform actions appropriate to their role.
Several lessons from the ViVi project have informed our broader approach to enterprise AI agents.
Start with narrow, high-frequency tasks. We did not attempt to replace the entire MDM console on day one. ViVi launched with three capabilities: policy queries, compliance report generation, and device status lookups. These were the highest-volume, most repetitive tasks. Proving value on narrow tasks built trust and generated the usage data needed to expand capabilities responsibly.
Invest in evaluation before scaling. Before adding each new capability, we built the evaluation pipeline for it. Automated tests validate policy generation accuracy, compliance report correctness, and health prediction precision against known baselines. Without rigorous evaluation, expanding agent capabilities is expanding risk.
Governance is not optional it is foundational. In early prototypes, we treated audit logging and RBAC integration as features to add later. We learned quickly that governance must be built into the architecture from the start. Retrofitting it is an order of magnitude harder, and enterprise customers will not deploy an AI agent without it.
What This Means
The pattern ViVi represents an AI agent embedded inside an existing enterprise platform is, in our view, the most practical path for enterprise AI adoption. The value is not in replacing platforms that organizations have already invested in. It is in making those platforms more accessible, more efficient, and more intelligent.
The enterprise software stack is full of powerful tools with complex interfaces. Device management is one example. ERP systems, manufacturing execution systems, logistics platforms, and clinical systems all share the same pattern: deep capability behind steep learning curves. AI agents that understand these domains, operate within existing governance frameworks, and augment human operators rather than replacing them will define the next generation of enterprise software.
We are continuing to expand ViVi’s capabilities inside WeGuard, and applying the same multi-agent architecture to other enterprise domains. The 7-Layer Agentic AI Stack provides the blueprint. ViVi is the proof that it works.