An endpoint is any device that connects to a network, such as a laptop, desktop, phone, tablet, or printer, and is managed and secured by IT.
An endpoint is any device that connects to a network and exchanges data with it - a laptop, desktop, phone, tablet, or printer. The word marks the devices at the ends of the network, where people actually work, as opposed to the servers and routing infrastructure in the middle. Every endpoint leads a double life: to the security team it is a possible way in, and to whoever runs hardware asset management it is a physical object with an owner, a cost, and a warranty. Most of what IT departments do day to day - patching, securing, issuing, recovering - is done to endpoints.
What counts as an endpoint
The obvious ones: laptops, desktops, smartphones, tablets. The frequently forgotten ones: networked printers and scanners, VoIP desk phones, point-of-sale terminals, meeting-room screens, kiosks, and the growing pile of network-connected sensors and cameras. The test is simple - if it has a network connection, it is an endpoint, even when nobody thinks of it as a computer.
What is generally not called an endpoint: the network gear in between (routers, switches, access points), which is infrastructure, and servers, which most teams treat as their own category.
Endpoint vs server
Both are computers on a network; the distinction is role and exposure. Endpoints are many, mobile, and in users’ hands - they leave the building, connect to café wifi, get dropped, and get stolen. Servers are few, fixed, and physically secured, serving many users at once. Tooling splits along the same line: endpoint protection and device management on one side, server monitoring and hardening on the other. The practical consequence is that endpoints generate most of the day-to-day work, simply because there are more of them and they live rougher lives.
Why endpoints matter
For security, endpoints are the common entry point - phishing lands in an inbox open on a laptop, and a stolen phone is a stolen mailbox. For finance and operations, the endpoint fleet is usually the largest pool of movable equipment a company owns: each device carries a purchase price, a warranty clock, and company data, and each changes hands at every hire, leave, and repair. An endpoint nobody can account for is a security hole and a write-off at the same time.
Endpoint management vs endpoint tracking
Two different questions get asked about every endpoint, and they need two different records. MDM and endpoint-protection agents answer the software question: is this device encrypted, patched, and behaving. An asset register answers the custody question: who has it, what it cost, when the warranty ends, and what has happened to it - including devices an agent can never enrol, like monitors and docks. Asset discovery tools can help find unknown devices, but a found device still needs a record. In AMPthilly, each endpoint - from laptops to office phones - gets a register entry with its owner, serial number, warranty date, and full checkout history, opened by scanning a QR label with a phone camera.
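The two records described above can be cross-checked against each other and against a discovery scan. The sketch below is an added example, not code from AMPthilly or any MDM product; the records, field names, device types and the assumption that every source reports a serial number are constructed for illustration.

```python
# Added example: reconcile a custody register, an MDM export and a discovery
# scan. All data below is constructed; real exports will use other field names.

REGISTER = [  # custody record: who has it, when the warranty ends
    {"serial": "LT-1001", "type": "laptop", "owner": "a.ng", "warranty_end": "2026-03-31"},
    {"serial": "LT-1002", "type": "laptop", "owner": "b.ito", "warranty_end": "2025-11-30"},
    {"serial": "MN-2001", "type": "monitor", "owner": "a.ng", "warranty_end": "2027-01-15"},
    {"serial": "PH-3001", "type": "phone", "owner": None, "warranty_end": "2025-08-01"},
]
MDM = [  # software record: is the device encrypted and patched
    {"serial": "LT-1001", "encrypted": True, "patched": True},
    {"serial": "PH-3001", "encrypted": True, "patched": False},
    {"serial": "LT-1999", "encrypted": False, "patched": True},
]
# Serials seen on the network (assumes the scan output was already mapped to serials).
DISCOVERED = ["LT-1001", "LT-1002", "PR-4001"]
NOT_ENROLLABLE = {"monitor", "dock"}  # types an agent can never enrol


def reconcile(register, mdm, discovered, not_enrollable=NOT_ENROLLABLE):
    """Return {serial: [issues]} for every device where the records disagree."""
    reg = {r["serial"]: r for r in register}
    agents = {m["serial"]: m for m in mdm}
    findings = {}

    def flag(serial, issue):
        findings.setdefault(serial, []).append(issue)

    for serial, rec in reg.items():
        if rec["owner"] is None:
            flag(serial, "no_owner")  # custody gap
        if rec["type"] not in not_enrollable and serial not in agents:
            flag(serial, "not_enrolled")  # recorded but unmanaged
    for serial, state in agents.items():
        if serial not in reg:
            flag(serial, "no_register_entry")  # managed but nobody owns the record
        if not state["encrypted"]:
            flag(serial, "unencrypted")
        if not state["patched"]:
            flag(serial, "unpatched")
    for serial in discovered:
        if serial not in reg and serial not in agents:
            flag(serial, "unknown_device")  # found, but still needs a record
    return findings


if __name__ == "__main__":
    for serial, issues in sorted(reconcile(REGISTER, MDM, DISCOVERED).items()):
        print(serial, ", ".join(issues))
```

The monitor is deliberately absent from the output: it has a register entry and is of a type no agent can enrol, so its missing MDM record is expected rather than a finding.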
Related terms
- MDM - the software that configures and secures enrolled endpoints
- BYOD - personal devices acting as endpoints on company networks
- Hardware Asset Management - the custody and cost record for the endpoint fleet
- IT Inventory - the periodic count that keeps the endpoint list honest
- Asset Discovery - finding the endpoints nobody recorded