October 11, 2024

Managing Stale Device Records with Omnissa Intelligence

Keeping device records current is essential for IT security, compliance, and efficiency. Workspace ONE Intelligence provides tools and insights for proactive device management. Utilizing real-time analytics, automated alerts, detailed reporting, and actionable insights, organizations can maintain up-to-date device records effortlessly.

Omnissa Intelligence Report, Dashboard, and Freestyle Orchestrator workflow are available for customers with Workspace ONE Mobile, Desktop, and UEM Essentials (with a limitation of UEM platform only automation actions). Customers with Workspace ONE Intelligence Add-On, Risk Analytics Add-On, and Experience Analytics Add-On can leverage Freestyle Orchestrator workflow with any 3rd party action.

One common challenge IT organizations face is dealing with stale devices—those that are no longer in use, lost, or stolen, but still appear in the records. Managing these stale device records is vital for several reasons, including data accuracy, security, and resource efficiency. Omnissa Intelligence offers robust tools and strategies to help manage these records effectively.

Why are Stale Devices a Problem?

There are multiple aspects as to why IT organizations should be managing stale devices.

Data Accuracy: Stale devices can skew data analysis and reporting. When these devices remain in your Workspace ONE environment, they can create a false representation of your device inventory, leading to inaccurate insights and decision-making. For instance, if you are analyzing device usage trends, the presence of stale devices can distort the actual usage patterns. This would also impact your Workspace ONE license consumption as it does not represent your true license utilization.

Security: Because devices are not reporting their up-to-date information to Workspace ONE, we are uncertain about the device posture. They may still have access to sensitive information or network resources. If these devices fall into the wrong hands, it could lead to data breaches and other security incidents.

Business Continuity: Stale devices, if they are in use but do not communicate with Workspace ONE, will not get any policy or resource updates. Businesses can be at risk if devices are running older, unsupported versions of apps or software.

Monitoring Stale Devices with Workspace ONE

The major indicator of a stale device within the Workspace ONE console is the device last seen time. The device last seen time indicates the last time the device has checked into the Workspace ONE console and reports the data. If a device is not checking in for a long time, it could indicate that there may be a problem with the device connection. 

There could be multiple reasons as to why devices are not checking in, leading to the stale records in the Workspace ONE console. It could be that the devices are off or disconnected from the internet, duplicate device records, or their communication flow with Workspace ONE is corrupted. Additional investigation typically is required, most likely physical access to devices is needed given that there is no way to communicate with the devices over the air.

In Workspace ONE UEM, the device last seen time can be visualized in both the Device List View and Device Details View, as seen in Figure 1.

A screenshot of a computer</p>
<p>Description automatically generated

A screenshot of a computer</p>
<p>Description automatically generated

Figure 1: Workspace ONE UEM Device Detail and List View showing device last seen time

With Omnissa Intelligence, the IT team can generate additional insights and tailor reports and dashboards for devices not checking into the console. Here is an example filter for enrolled devices not seen over the past 30 days.

A screenshot of a computer</p>
<p>Description automatically generated

Figure 2: Omnissa Intelligence report filter for enrolled devices not seen over 30 days

With the same report filter, a dashboard widget can also be created to see the breakdown of stale devices by organization group.

A screenshot of a computer</p>
<p>Description automatically generated

Figure 3: Omnissa Intelligence dashboard widget filter for enrolled devices not seen over 30 days

Each organization will have a different threshold on what constitutes a stale device based on its last seen time, whether it’s 30 days, 60 days, or a year or more. 

Aside from device last seen time, other indicators can also be monitored to prevent stale records in Workspace ONE. This includes parameters such as device battery level and device charging state. (Devices with low battery and not being charged are at risk of being lost, creating a stale device record.) The Lost Device Prevention & Device Utilization dashboard template can be used to visualize devices at risk of being lost. This dashboard can be found in the Workspace ONE Intelligence Marketplace under the Dashboard template.

A screenshot of a computer</p>
<p>Description automatically generated

Figure 4: Omnissa Intelligence marketplace showing Lost Device Prevention & Device Utilization dashboard template

Taking Actions on Stale Devices

Reports and dashboards provide more visibility to what’s going on with stale devices in the environment. With that said, it is recommended that actions are taken early to ensure that there are minimal stale devices in the environment.

Here are some common actions that can be taken to manage stale devices.

  • Send user notifications.
  • Create a ticket for the help desk team to locate the devices.
  • Escalate to user’s managers.
  • Wipe/delete the devices, as a last resort.

Building Omnissa Intelligence Freestyle Orchestrator workflows

There are multiple options on how these actions can be executed. Here are a few example workflows to help an organization prevent and manage their stale devices:

Workflow Example #1 – Taking actions if devices are not checking in.

  • If devices are not seen for more than 15 days:
     
    • Send an email out to the user asking them if the devices are still in use.
    • Ask the user to power on the device if it is in use or return the device if it is not in use.
  • If devices are not seen for more than 30 days:
     
    • Communicate to the user that the devices will be sent a wipe command, and they will lose access to corporate resources once the devices are checked in.
  • If devices are not seen for more than 45 days:
     
    • Communicate to the user that the device is being wiped.
    • Send a wipe command/delete device from the console.

This can be built all within one workflow using nested workflow conditions, as seen in Figure 5.

A screenshot of a computer</p>
<p>Description automatically generated

Figure 5: Omnissa Intelligence Freestyle Orchestrator workflow showing escalation path if devices are not seen within a specified timeframe

Workflow Example #2 – Preventing lost devices based on battery data and charge state.

  • If the device's battery is less than 15% and not plugged in:
     
    • Send a Hub push notification to the device, alerting the user to plug in the device.

A screenshot of a phone</p>
<p>Description automatically generated

Figure 6: Omnissa Intelligence Freestyle Orchestrator workflow showing filters and Sent Notifications action if the device battery is less than 15% and not charged

Conclusion

Effectively managing stale device records is crucial for maintaining the security, compliance, and efficiency of your IT environment. Omnissa Intelligence offers the tools and insights needed to monitor and manage these devices proactively. By leveraging real-time analytics, automated alerts, detailed reporting, and actionable insights, organizations can ensure that their device records are always current.

Filter Tags

Workspace ONE Workspace ONE Intelligence Blog Announcement Overview