Delegate365 v9.1 provides basic device management of devices for Scope admins with Microsoft Intune. See a description of the new features here.
Manage devices with Delegate365
When devices are enrolled, they will be visible in Delegate365 in the users module. The Delegate365 sync updates the devices with the users automatically in the background. Any modifications to device settings and operations in Delegate365 are done directly in Azure AD in the same way as all other objects.
- Devices are assigned to a user and are shown in the Users module. Select a user and click on the Devices menu in the right side.
- Managed devices: The Managed devices list shows all devices that are registered for that identity. Depending on the status, Delegate365 provides the following functions: Manage owners, Manage users, Wipe device, Retire device, Sync device, Update device, Remote lock, Remove device. The list of devices can also be exported.
- Manage owners: You can assign multiple owners for a selected device. Search for a user with the people picker and click Set owner.
Manage users: The same works for assigning users to a device. Search for a user with the people picker and click Set user.
Wipe device: The Wipe action restores a device to its factory default settings. The user data is kept if you choose the Retain enrollment state and user account checkbox. Otherwise, all data, apps, and settings will be removed. Click on Wipe and confirm the action.
Retire device: The Retire action removes managed app data (where applicable), settings, and email profiles that were assigned by using Intune. The device is removed from Intune management. This happens the next time the device checks in and receives the remote Retire action. Click on Retire and confirm the action.
Sync device: The Sync device action forces the selected device to immediately check in with Intune. When a device checks in, it immediately receives any pending actions or policies that have been assigned to it. Click on Sync and confirm the action.
Update device: This feature updates the owner type and the managed device name of the device in Azure AD. This works for all managed devices and has no influence on the device itself. As type, select Company, Personal or Unknown. Modify the device name if needed and click Update.
Remote lock: Causes the device lock and to ask for the PIN code or for the unlocking action. The device must run iOS or Android and the user has to unlock the device. Click on Lock and confirm the action.
Remove device: To remove a device, click the Remove device menu. The next time the device checks in, any company data on it will be removed.
- Reports: To see all managed devices from your entitled OU´s admins can generate a report as follows.
The report includes one line per device. For better readability, here´s the provided data as picture for a sample device.
- (Update) Unassigned devices: In Administration / Devices, Delegate365 shows a list of device objects that are registered in the organization but not assigned to any user in an OU. In real world, this mostly are old devices that have been registered but no longer are used by tenant users. Admins can select devices, see assigned owners and users. Devices can be deleted here as well.
In this environment, there are no unassigned devices in the Microsoft 365 tenant.
By managing devices in Delegate365, scope administrators can respond to scenarios to reset company data or the device, for example if users have lost their device or it has been stolen. The managed devices report allows to export devices for users of entitled OU´s. This functionality enables Delegate365 to be used as a simple tool for managing devices.