Automated identification of anomalous devices

US12348397B2 · US · B2

Patent metadata
Publication number: US-12348397-B2
Application number: US-202318315049-A
Country: US
Kind code: B2
Filing date: May 10, 2023
Priority date: Jul 1, 2020
Publication date: Jul 1, 2025
Grant date: Jul 1, 2025

Abstract

Official abstract text for this publication.

Disclosed are various approaches for automating the detection and identification of anomalous devices in a management service. Device check-ins are received by a management service and housed in a data store. The quantity of device check-ins over various time periods can be analyzed using various approaches to identify anomalous devices.

First claim

Opening claim text (preview).

The invention claimed is:

1. A system for managing a plurality of client devices from a management service, comprising: a computing device comprising a processor and a memory, the computing device executing the management service that manages client devices that have been enrolled with the management service and have installed therein a management component for communicating with the management service; and machine-readable instructions stored in the memory that, when executed by the processor, cause the computing device to at least: store, by the management service in a command queue, one or more commands designated for one or more client devices of the plurality of client devices; obtain a set of device check-ins associated with the plurality of client devices over a first time period, wherein, during each device check-in of the set of device check-ins, the management component on a client device retrieves the one or more commands designated for the client device from the command queue and executes the retrieved one or more commands on the client device; calculate a variance of the set of device check-ins based on a quantity of device check-ins that correspond to individual client devices; identify an anomalous device based upon the quantity of device check-ins for the anomalous device exceeding a variance threshold; and publish a notification to a notification channel in response to identifying the anomalous device.

2. The system of claim 1, wherein the machine-readable instructions further cause the computing device to at least obtain a response in the notification channel to perform a remedial action with respect to the anomalous device.

3. The system of claim 2, wherein the machine-readable instructions that cause the computing device to perform the remedial action further cause the computing device to at least perform the remedial action in response to a reply received from an admin device associated with an administrative user.

4. The system of claim 1, wherein the variance threshold is based upon a calculated average variance of the set of device check-ins.

5. The system of claim 1, wherein the machine-readable instructions further cause the computing device to at least identify the anomalous device based upon an analysis of a second set of the device check-ins obtained over a second time period that is greater than the first time period.

6. The system of claim 1, wherein the machine-readable instructions further cause the computing device to at least execute a long short-term memory forecaster to detect a second quantity of device check-ins in a subsequent time period based upon a historical log of device check-ins.

7. A method of managing a plurality of client devices from a management service, wherein the client devices are enrolled with the management service and have installed therein a management component for communicating with the management service, said method comprising: storing, by the management service in a command queue, one or more commands designated for one or more client devices of the plurality of client devices; obtaining a set of device check-ins associated with the plurality of client devices over a first time period, wherein, during each device check-in of the set of device check-ins, the management component on a client device retrieves the one or more commands designated for the client device from the command queue and executes the retrieved one or more commands on the client device; calculating a variance of the set of device check-ins based on a quantity of device check-ins that correspond to individual client devices; identifying an anomalous device based upon the quantity of device check-ins for the anomalous device exceeding a variance threshold; and publishing a notification to a notification channel in response to identifying the anomalous device.

8. The method of claim 7, further comprising: obtaining a response in the notification channel to perform a remedial action with respect to the anomalous device.

9. The method of claim 8, wherein the remedial action is performed in response to a reply received from an admin device associated with an administrative user.

10. The method of claim 7, wherein the variance threshold is based upon a calculated average variance of the set of device check-ins.

11. The method of claim 7, further comprising: identifying the anomalous device based upon an analysis of a second set of the device check-ins obtained over a second time period that is greater than the first time period.

12. The method of claim 7, further comprising: executing a long short-term memory forecaster to detect a second quantity of device check-ins in a subsequent time period based upon a historical log of device check-ins.

13. A non-transitory, computer-readable medium comprising machine-readable instructions that, when executed by a processor, cause a computing device to carry out a method of managing a plurality of client devices that are enrolled with a management service and have installed therein a management component for communicating with the management service, said method comprising: storing, by the management service in a command queue, one or more commands designated for one or more client devices of the plurality of client devices; obtaining a set of device check-ins associated with the plurality of client devices over a first time period, wherein, during each device check-in of the set of device check-ins, the management component on a client device retrieves the one or more commands designated for the client device from the command queue and executes the retrieved one or more commands on the client device; calculating a variance of the set of device check-ins based on a quantity of device check-ins that correspond to individual client devices; identifying an anomalous device based upon the quantity of device check-ins for the anomalous device exceeding a variance threshold; and publishing a notification to a notification channel in response to identifying the anomalous device.

14. The non-transitory, computer-readable medium of claim 13, said method further comprising: obtaining a response in the notification channel to perform a remedial action with respect to the anomalous device.

15. The non-transitory, computer-readable medium of claim 14, wherein the remedial action is performed in response to a reply received from an admin device associated with an administrative user.

16. The non-transitory, computer-readable medium of claim 13, wherein the variance threshold is based upon a calculated average variance of the set of device check-ins.

17. The non-transitory, computer-readable medium of claim 13, said method further comprising: identifying the anomalous device based upon an analysis of a second set of the device check-ins obtained over a second time period that is greater than the first time period.

18. The non-transitory, computer-readable medium of claim 13, wherein the machine-readable instructions further cause the computing device to at least execute a long short-term memory forecaster to detect a second quantity of device check-ins in a subsequent time period based upon a historical log of device check-ins.

19. The system of claim 1, wherein the machine-readable instructions further cause the computing device to at least: detect a cluster anomaly based on the identified anomalous device and a second anomalous device, wherein the anomalous device and the second anomalous device are grouped into a cluster based on a property shar
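
One possible reading of the variance check in claims 1 and 4, as an added Python example that is not code from the patent or its assignee. It assumes a device is anomalous when its check-in count is above the fleet mean and its squared deviation exceeds `k` times the fleet variance; the function names, the multiplier `k`, the list used as a notification channel and the sample check-ins are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import fmean, pvariance

def find_anomalous(checkins, enrolled, start, end, k=4.0):
    """Return {device_id: count} for devices whose check-in count in
    [start, end) is above the fleet mean and whose squared deviation
    exceeds k times the fleet variance (the average squared deviation)."""
    counts = Counter(dev for dev, ts in checkins if start <= ts < end)
    # Enrolled devices with no check-ins count as 0 so they are not ignored.
    per_device = {dev: counts.get(dev, 0) for dev in enrolled}
    values = list(per_device.values())
    if not values:
        return {}
    mean = fmean(values)
    threshold = k * pvariance(values, mu=mean)   # assumed threshold rule
    if threshold == 0:                           # all devices identical
        return {}
    return {dev: n for dev, n in per_device.items()
            if n > mean and (n - mean) ** 2 > threshold}

def notify(channel, anomalies):
    """Append one message per anomalous device to a notification channel
    (a plain list here, standing in for chat, e-mail or a webhook)."""
    for dev, n in sorted(anomalies.items()):
        channel.append(f"anomalous device {dev}: {n} check-ins in window")
    return channel

# Constructed sample data: ten enrolled devices over one day.
T0 = datetime(2025, 1, 1)
ENROLLED = [f"dev-{i:02d}" for i in range(1, 11)]

def sample_checkins():
    events = []
    for i, dev in enumerate(ENROLLED):
        # dev-07 is stuck in a check-in loop; the rest check in 1-2x per hour.
        per_hour = 30 if dev == "dev-07" else 1 + (i % 2)
        for h in range(24):
            for j in range(per_hour):
                events.append((dev, T0 + timedelta(hours=h, minutes=j)))
    return events

if __name__ == "__main__":
    found = find_anomalous(sample_checkins(), ENROLLED, T0, T0 + timedelta(days=1))
    print(notify([], found))
```

Because the outlier inflates the variance it is measured against, a single device among `n` can never exceed the threshold once `k` reaches `n - 1`, so small fleets need a smaller multiplier or a robust statistic.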

Classifications

  • for prediction of maintenance

  • Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]

  • Managing security policies for mobile devices or for controlling mobile applications

  • by filtering

  • Network utilisation, e.g. volume of load or congestion level

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Omnissa LLC

What technology area does this patent fall under?
Primary CPC classification H04L43/0817. Mapped technology areas include Electricity.

When was this patent published?
Publication date Jul 1, 2025 (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).