[How-to] Take Mobile Device Management (MDM) Commands from AssetSonar

AssetSonar strives to make its application a single source of information and management for all IT devices in an organization. Since most organizations use Mobile Device Management (MDM) platforms like Intune, Kandji, and Google Workspace to manage assets in their ecosystem, AssetSonar integrates with these major MDMs to streamline the discovery, deployment, and monitoring of these devices.

Our MDM Management Commands feature allows IT administrators to perform MDM device actions from within AssetSonar without having to switch between applications. Users will be able to perform security functions such as locking devices, retiring devices, and resetting passwords for all devices that are being tracked through AssetSonar.

Note: This feature is currently only applicable for Microsoft Intune and Kandji integrations. 

Benefits of MDM Management Commands 

Allowing users to take actions on devices directly from AssetSonar is important in making the software a single source of device management. In case of a lost or stolen device, your IT teams will be better equipped to minimize the consequences by keeping the information on the device secure and avoiding any potential data breach. 

Here is how the MDM Management Commands feature can help you: 

  • Enhances security and helps prevent unauthorized access to sensitive information. 
  • Faster incident resolution and reduced device downtime. 
  • Provides an accurate account of actions taken on the device. This historical data is useful for auditing and compliance purposes later on.
  • Consolidates IT asset management and mobile device management reports to give you a comprehensive view of the entire IT infrastructure. 

Enabling MDM Management Commands

Before enabling the MDM Management Commands feature, please make sure that you have already enabled the relevant integration. For example, if you want to set up commands for devices brought in through Kandji, you must set up the Kandji integration beforehand. Once you enable the integration, you’ll be able to view its MDM Management Commands options. If you haven’t enabled any integration beforehand, you’ll get a popup with a reminder to enable the integration. Here is a screenshot of how this alert would appear on your screen:

To enable the setting, follow this pathway: Settings -> Integrations -> Mobile Device Management & Network Discovery -> MDM Management Commands. 

Click on ‘Enabled’ and a new popup will appear, prompting you to verify your identity and authorize these commands through a One Time Password (OTP). 

Due to the sensitivity of the feature, an OTP will also be emailed to the Account Owner, who can retrieve the passcode from that email and authorize setting up the management commands.

You'll now be able to view all the enabled integrations that this feature applies to. Each integration also has a dropdown of its supported commands.

Now let’s see how to set up these commands for different integrations successfully: 

Microsoft Intune 

MDM management commands allow you to lock and retire Mac, iOS, and Android devices brought in through Microsoft Intune. Choose the desired commands from the dropdown and you’ll be redirected to the permissions page on Microsoft Intune. Here is a snippet of the page: 

Check the box for ‘Consent on behalf of your organization’ and then hit ‘Accept’.

Kandji 

By enabling MDM Management Commands for Kandji, you can lock devices brought in through this integration. Choose the command from the dropdown and then click on the ‘Grant Permissions’ button as shown:

Clicking the button will open a new Kandji tab with the following pop-up: 

Clicking on ‘Configure’ will open a new page. Click on the ‘Lock Device’ option and then click on ‘Save’. 

Once you have chosen the relevant actions that can be taken on devices through AssetSonar, hit the ‘Update’ button on the top right and you’ll be all set to use this feature. 

Note: Only Account Owners, Admins with access to company settings, and Admins explicitly allowed through custom roles can perform these commands.

Admin with MDM access

If the Account Owner wants to grant permission to another user to take these actions, they can create a custom role. Please note that this option will only be available once you have enabled the ‘MDM Management Commands’ setting. 

From the Members & Access module, go to the Roles tab and click on the ‘Add Role’ button on the top. Under the Advanced Permissions tab, click on the ‘Admins with MDM Access’ tab and check the permissions you want to grant to the user. Here is a snippet of how these permissions look: 

Once you have chosen the relevant permissions, click on ‘Done’ to finish creating this new role. 

Please note that you’ll only be able to check permissions for the integrations that are already enabled. 

Alerts 

You can also set up alerts for any actions initiated by an Account Owner or an Admin with MDM access. If you set up alerts for MDM Management Commands, a notification will be sent out every time a command is initiated, fails, or completes. Here is a snippet of the email a user receives for MDM Management Commands.

From the Alerts module, go to Integrations and check the options that you want to enable the alert for, as shown: 

Taking actions on assets

On an asset’s detail page, scroll down to the Connected Sources table. You’ll be able to view if any MDM actions have been performed on the asset and the status of these actions. 

To take a new action on an asset, click on the three dots under the Actions column and you’ll be able to view the command options in a dropdown as shown:

Now let’s go through the steps of locking a device. 

Similar to the wiping process, click on the Lock option from the relevant Connected Source. A new pop-up will appear as follows: 

Enter the Phone Number and the message you want to show when someone tries to unlock the device. Now click on the ‘Lock Device’ button. Once you have successfully locked the device, you’ll get a pop-up message on top of the asset details screen. Additionally, the action is reflected in the Connected Sources table under the Last Actions column as shown:

Hovering your cursor over the lock icon will give you the PIN code required for unlocking the device. 

You’ll also be able to view the MDM Management Commands history by clicking on More and then on ‘Management Commands History’ as shown: 

A new overlay will appear where you’ll be able to view the MDM Management Commands actions performed on the asset in the past along with their status. Here is a snippet of this pop-up: 

Report for MDM Management Commands 

You can also run a report to get details on the MDM commands performed on different devices over a certain period. In the Reports section, there is a pre-configured report for MDM Management Commands History but you can also create a custom report for even more details. Here is a screenshot of how this report looks: 
