Device Details

Overview

This page shows you details regarding a single device.

The left side of the page will show device metadata incl. the device's owner, OS and serial number.

The right side will show one of multiple tabs. The default Overview tab view will include information (if available) like

  • The currently logged on user

  • Currently installed apps/software, either managed bei RealmJoin or Intune

  • Security recommendations and if these are met by the device

Object Types

The category "devices" includes:

  • AzureAD joined clients, like modern workplace clients

  • AzureAD registered devices, like user-owned phones and tablets

  • Other devices, like printers used by MS Universal Printing or SurfaceHubs

Object Properties

Every device details page will show an overview of the core properties like

  • Display Name

  • AzureAD Object ID

  • Owner of the device

  • Operating System

  • Additional properties

on the left side of the screen in a glanceable way. This part will not scroll and be always visible in any tab.

Status information

The core properties include some glanceable information about the status of a device object. Some statuses these are presented via icons that are either blue (active / present) or red (inactive missing).

Other bits of information are presented as tags:

  • AzureAD - This device is AAD Joined

  • TPM2 - TPM2 is present and enabled

  • Autopilot - This device is managed via Autopilot

  • Company - Company Owned (not Personal)

  • Personal - Personal, not Company Owned

Local Admin Management (LAPS)

When combined with the RealmJoin Client, RealmJoin Portal can help with support tasks on windows clients that need local admin permissions by offering on-demand support accounts on clients. In many cases this removes the need to grant local admin permissions to the primary user of the device just to solve a one-time need.

By default, a local admin emergency account is created on a windows client. This account is useable even if network connectivity to the client fails. This is kind of a last resort.

It is recommended to use a "Support Account". When clicking "Request", a job is created/queued and RealmJoin Client will create an on-demand local admin account next time it syncs to the backend. This can take up to 30 minutes or alternatively a "Sync this device" can be triggered on the client to speed up the process. RealmJoin Portal will show state of "Requested" until the account is created and automatically switches to a view similiar to the Emergency Account when ready:

Click the dots to reveal the password.

The Support Account will automatically be removed after 12 hours.

See the LAPS documentation for more details.

Warranty

Use the Warranty tab to display information like remaining vendor warranty time for supported vendors/devices.

Depending on the API used, a captcha might be displayed before requesting/displaying warranty information.

Actions

You can use the button Sync to trigger a Sync of Intune Policies and RealmJoin Action, like queued LAPS account creations.

Scan to trigger a (quick) scan of Windows Defender on a managed client.

Other Tabs

The right side of the screen shows the contents of the current tab, which can be

  • "Runbooks" showing available runbooks for devices.

  • Raw data sources, like AzureAD, Sign in logs etc. displayed as JSON. Only available for RealmJoin administrators.

Last updated