Alert for new device enrollment or device deleted

Hi,

Is there a way to get an alert when a new device is enrolled, or when an existing device is deleted, with info about the customer and owner?

Good question. I had an agent get jacked on one of my servers and stopped receiving alerts for that server. Would have been nice to get some type of alert telling me that the agent failed or wasn't working properly.

@msp_security
When enrolling a new device, you can utilize a profile that runs a procedure upon successful profile assignment. What you include in the ‘procedure’ will be all up to you (install an app, trigger an alert, etc.).

Deleting a device though will be a different scenario as ‘deleting’ can only be performed on the Endpoint Manager (EM). Actions performed in the EM can be found in the Audit Logs. You will not be able to ‘delete a device’ from the EM if you just uninstall the ITarian Client Communication (ITC, formerly CCC or ITSM client) from the device. An entry of the device will still be in the EM but you will not be able to manage it. Setting up a monitor to check for the presence of the ITC service (ITSMservice) will not help you as the ‘service’ that does the reporting would have been removed already. A better approach would be to set up methods to prevent such a scenario (Client Access Control setting in the Profile, ‘office rules’, etc.).

@jmock
To add to what I mentioned above, you can get an alert if ‘the agent failed or wasn’t working properly’ by setting up a monitor about the ‘device status’ (online/offline). This is the closest that you can get to what you want to achieve (at least with the available functions in the EM currently). ‘Monitoring’ the ITC service is already something that is intrinsic to the client-server communication. If the server fails to get an ‘update’ from the client service within a certain period of time, then the device registers as offline on the EM. Alerts are triggered based on the conditions you have set up in the monitor.

Hi @Rick_C,

Thanks for the quick reply.

  1. The problem with profiles I have is that when I create a custom profile and set it to be default, it exists alongside the default admin-created profile that triggers things I don’t want to have in a profile. I can only do that by applying my custom profile via Manage profiles. It should be the default action to have only one default profile per OS.
  2. For device delete, my concern is that a user can accidentally delete a device from EM. I would like to disable this option from their role, but there is no such option as far as I know.
  3. I have tested the audit capabilities of the Audit log and there is no event connected with Device delete actions. Also, alongside the date information, there should be time information HH:mm.
  4. I would be interested to see what events are logged by default and to have an option to include or exclude some events.

Hello @msp_security,

  1. The problem with profiles I have is that when I create a custom profile and set it to be default, it exists alongside the default admin-created profile that triggers things I don’t want to have in a profile. I can only do that by applying my custom profile via Manage profiles. It should be the default action to have only one default profile per OS.

-If you are to enroll devices which will need a custom profile of your choice, you may use a bulk installation package to select your preferred profile. For changing a profile for a group or device, it is by design that you access Manage Profile to review and check other profiles associated with the group or devices, to lessen the possible conflict with any custom settings you might have created. The more restrictive profile takes priority on its settings.

  2. For device delete, my concern is that a user can accidentally delete a device from EM. I would like to disable this option from their role, but there is no such option as far as I know.

-You may disable/enable Delete device and Delete EM users from EM portal Role Management.

For the third and fourth, we will have this open as a feature request to our development team.

Thank you

Hello @Samuel_C,

I have created another role in EM and removed the permission for Device delete. But, to my surprise, a user to whom this role was assigned can go to the user list and change his role to admin or whatever. To me, it would be logical that if you create a customized role and remove some permissions from it, a user to whom this role would be assigned would automatically lose permission to change his own role or modify roles in general.

Hello @msp_security ,

Yes, it should work as expected. Once you remove the permission, the user shouldn't have the ability to change his role.
That being said, we want to further investigate the issue and the support team will get in touch with you shortly via email.

Regards,