Scheduled compliance reports

Enterprise feature. Settings → Scheduled reports.

Recurring compliance digests per connected tenant, delivered through your notification channels (Slack, Teams, email, or signed webhook).

Prerequisites

1. Enterprise plan - scheduled reports require the webhooks capability (same tier as outbound notifications).
2. At least one enabled notification channel - create channels under Settings → Notifications first.
3. Imported tenant - the tenant must have completed onboarding and have snapshot data.

Creating a schedule

1. Open Settings → Scheduled reports.
2. Pick a tenant, cadence (weekly or monthly), and notification channel.
3. Save. The next run time is computed from the cadence and shown in the table.

What the digest contains

Each run builds a compliance-oriented summary for the tenant:

• Policy counts from the latest snapshot (total vs enforced)
• Drift severity counts from the workspace rollup
• MFA at-risk counts and pending exclusions
• Health bucket (critical / warning / ok)

Framework-level scoring from the in-app compliance scenarios page is not included in the edge digest - use tenant compliance reports for framework detail.

How delivery works

A platform cron (reports-scheduled-dispatch, every 15 minutes) finds due schedules, inserts a compliance.report.scheduled alert, and the normal alert dispatch path fans out to the selected channel.

Managing schedules

• Disable - toggles enabled without deleting the row.
• Delete - removes the schedule; no further digests are sent.

Every mutation is audit-logged.

Troubleshooting

• No digests received - confirm the channel works with Test channel on Settings → Notifications, and check Delivery log on that page for failed rows.
• Schedule never runs - verify the tenant is not paused or disconnected; cron must be enabled in production (see operator cron jobs doc).
• Wrong channel - delete and recreate the schedule; channel secrets cannot be edited in place.