About Change Tracking

Change Tracking captures audit-driven attribute deltas for the devices in your site. When the feature is enabled and an audit produces a value that differs from the previously stored snapshot, AlloyScan records a change event with the prior and new values, the affected attribute, and the time of detection. Use it to maintain an audit trail of how endpoint configuration evolves over time.

How Change Tracking works

Change Tracking is a per-site capability with a master toggle that is OFF by default. Once enabled, the system inspects each new audit snapshot, compares it against the prior snapshot for the same device, and emits a change event whenever a tracked attribute moves to a new value.

Tracking is selective: each of the seven categories has its own list of sub-attribute checkboxes, so you choose exactly which fields participate. The seven categories are General, System, Security, User accounts, AWS assets, Azure assets, and Custom audit fields.

Change events appear in two places:

• The Change history tab on the device form, showing per-device deltas with Date, Type, Category, Attribute, Old value, and New value columns.
• The site-scope Change log under Admin Center > Site Settings > Logs > Change log, which records configuration-level changes across Sites, Users, Segments, Reports, Tags, and Notification templates with Added, Modified, and Deleted verbs.

A Retention period setting controls how long stored change records are kept. When the period elapses, the records are auto-purged. Administrators can also clear stored change data on demand with the Purge change history action.

Note: Turning the master toggle OFF stops new change events from being recorded but does not delete previously captured records. Existing records remain until retention expires or you run a manual purge.

Why this matters

• Compliance and audit trail. Change Tracking provides the durable record of "what changed, when, and from what to what" required by audit-driven compliance regimes. Combined with the Change log, you get both device-level and configuration-level provenance.
• Troubleshooting. When a device starts behaving differently after a maintenance window or scripted rollout, the per-device Change history tab is the first stop for correlating the symptom with a concrete attribute delta.
• Software compliance. When the General category has the Required software, Forbidden software, and Regular software sub-attributes ticked, the software change history surfaces installs and removals you can reconcile against your software policy.

Key distinctions

• Change tracking records audit-driven attribute deltas on inventory devices. Change log records configuration-level changes (Sites, Users, Segments, Reports, Tags, Notification templates) with Added / Modified / Deleted verbs.
• Change tracking runs on audit data and depends on the master toggle plus per-category checkboxes. The Audit log records audit task execution (initiator, status, errors) regardless of the Change Tracking toggle state.
• The Custom audit fields category lets your site's custom fields participate in change tracking just like built-in attributes.

Limitations

• The master toggle is OFF by default; until you enable it and tick sub-attributes for a category, the device Change history tab shows "No data to display".
• Public documentation has historically described five categories; the UI exposes seven. Treat the seven-category UI as authoritative.
• The Retention period is a fixed enum (6 months / 1 year / 2 years / 3 years / 5 years). Custom values are not supported.
• The visibility of the Change log menu entry depends on deployment-level availability.

Note: Details may vary by deployment.

Related

• How to Enable Change Tracking
• How to View Change History
• Change Tracking Reference
• Device Form Reference