Managing Devices with Tenant Manager

Managing Devices with Tenant Manager

Technical Guide:

Device Management in Tenant Manager

Overview
The Tenant Manager platform provides centralized device management capabilities for devices enrolled in a tenant environment. Administrators can view device information, monitor health, perform security actions, and execute management operations directly from the Tenant Manager portal.
This guide outlines how to access a device within Tenant Manager and perform common device management tasks such as syncing devices, running security scans, retrieving diagnostics, and executing remediation scripts.

Prerequisites

Before performing device management actions, ensure the following requirements are met:
  • Tenant Access
    You must have access to a registered tenant within the Tenant Manager platform.
  • Administrative Permissions
    Your account should have sufficient administrative privileges to perform device management operations.
  • Enrolled Device
    The device must be enrolled in the tenant environment and visible within the Tenant Manager dashboard.








Device Management Steps

  1. Access the Tenant Manager Portal

Log in to the Tenant Manager portal using your administrative credentials. Once logged in, navigate to the tenant environment containing the device you want to manage.

  1. Open the Device Details

Locate the device from the tenant dashboard. Click on the device name to open the Device Details panel.


This panel provides multiple tabs for reviewing device information and performing management actions.
  1. Device Information Overview
Within the Overview tab, you can review key device details such as:
  1. Basic Information
  • Device Name
  • Primary User
  • Enrolled By
  • Operating System
  • Enrollment Date
  • Last Sync Time




  1. Security & Compliance
  • Compliance State
  • Registration State
  • Join Type
  • Management State
  • Lost Mode Status
  • Last Compliance Contact
  1. Device Guard
Displays device protection status including security features currently running.

Hardware Information


The Hardware Information section contains multiple tabs that display detailed system hardware information, including:
  1. Basic Details
  • Manufacturer & Model
  • Serial Number
  • Entra & Intune Device ID
  • Owner Type & Enrollment Profile
  1. Network Information
Within the Network section of the device overview, administrators can view:
  • IP Address
  • Ethernet MAC Address

  1. Security & Storage Information
This tab shows:
  • Device Encryption status
  • TPM Specification, Manufacturer and Version
  • Device License Status
  • Autopilot Enrollment Status
  • Total Storage
  • Free Storage
  • Used Storage
  1. Viewing User Information
Navigate to the User Info tab to view details about the primary device user.
This section includes:
  • User Name
  • User Principal Name
  • Account Status
  • User Type
  • Account Creation Date
  • Email Address
  • Business Phone Numbers



  1. Device Health
The Device Health tab provides insights into the operational health and status of the device. This section helps administrators identify potential system issues by displaying health metrics related to device configuration, connectivity, and operational status.
This information is useful for quickly diagnosing whether a device is functioning normally or requires remediation actions.

  1. Timeline
The Timeline tab provides a chronological view of device-related activities and events.
This section records important operational and administrative actions performed on the device, helping administrators understand what has occurred on the system over time. Each event is displayed with a timestamp, allowing administrators to easily trace device activity history.
The timeline is particularly useful when troubleshooting issues or verifying when a specific action was executed.

  1. Device Actions
To execute management tasks on a device:
  1. Select the Actions tab from the left navigation panel.
  2. The Device Actions page will display multiple management options.

  1. Basic Device Actions
These actions help maintain device connectivity and collect troubleshooting data.
Available actions include:
  • Sync
    Forces the device to synchronize with management services.
  • Restart
    Remotely restarts the selected device.
  • Collect Diagnostics
    Collects system diagnostics data for troubleshooting.
  • Locate Device
    Attempts to retrieve the current location of the device.


  1. Security Actions
These actions help administrators maintain device security.
Available options include:
  • Remote Lock
    Locks the device remotely to prevent unauthorized access.
  • Reset Password
    Resets the user password associated with the device.
  • Quick Scan
    Performs a quick security scan using Microsoft Defender.
  • Full Scan
    Runs a complete malware and threat scan.
  • Update Defender Intelligence
    Updates Microsoft Defender threat intelligence definitions.
  • BitLocker Key Rotation
    Rotates the BitLocker encryption key for improved security.
  • Rotate Local Admin Password
    Updates the local administrator password on the device.
  1. Device Management Actions
These actions assist with device configuration and remote assistance.
Available options include:
  • Rename Device
    Allows administrators to rename the device remotely.
  • Pause Config Refresh
    Temporarily pauses configuration updates for the device.
  • New Remote Assistance
    Initiates a remote support session with the device user.
  • Fresh Start
    Reinstalls Windows while removing unnecessary applications.
  1. Destructive Actions
These actions should be used with caution as they may permanently affect the device.
Available options include:
  • Retire
    Removes the device from management while keeping user data intact.
  • Wipe
    Performs a full reset and removes all device data.
  • Delete
    Removes the device record from the Tenant Manager system.
  1. Running On-Demand Remediations
Tenant Manager also allows administrators to run remediation scripts directly on devices.

To run a remediation:
  1. Navigate to the Actions tab.
  2. Scroll to the On-Demand Remediations section.
  3. Locate the desired remediation script.
  4. Click Run next to the script.
These scripts can automate troubleshooting and corrective actions across managed devices.
  1. Post-Action Verification
After executing a device action:
  • Allow a few moments for the command to process.
  • Refresh the device page.
  • Verify the Last Sync Time and Device Status to confirm the action has completed.
  1. Entra ID
The Entra ID tab displays identity-related information associated with the device in Microsoft Entra ID.
This section allows administrators to review identity attributes that are tied to the device registration within the tenant directory.
Information available in this section may include:
  • Entra Device ID
  • Display Name
  • Account Enabled
  • Compliance Status
  • Trust & Profile Type
  • Device Registration Date
  • Last Sign In
This tab helps confirm whether the device is correctly registered and synchronized with Microsoft Entra ID services.




  1. Defender
The Defender tab provides security information related to Microsoft Defender on the device.
This section allows administrators to review the device's protection status and monitor Defender security operations.
Typical information displayed includes:
Defender Scan Status: Shows whether Quick Scan or Full Scan is overdue, along with Last scan timestamp.
Version Information: Shows Defender details like:
    • Defender Version
    • Engine Version
    • Signature Version
    • Last Signature Update
Administrators can use this section to confirm that endpoint protection services are functioning correctly and that the device is protected against threats.




  1. LAPS & BitLocker Key
The LAPS & BitLocker Key tab provides secure access to important device security credentials. Administrators can click on **Show Password** to reveal the password whenever a privileged access to the device is required.
Additional information available in this section includes:
  • Device ID & Name
  • Last LAPS Backup
  • Last Refresh Date
This tab ensures that critical recovery credentials are centrally accessible while remaining securely managed.


  1. Group Assignments
The Group Assignments tab displays the Azure/Entra groups to which the device is currently assigned.
This section helps administrators understand how policies, applications, and configurations are being applied to the device through group memberships.

  1. Discovered Apps
The Discovered Apps tab provides an inventory of all applications detected on the device. Tenant Manager retrieves this information from device management services to give administrators visibility into installed software.
Discovered applications include both managed and unmanaged software present on the device.

  1. Managed Apps
The Managed Apps tab displays applications that are deployed and managed through device management policies. Unlike the Discovered Apps section, this tab specifically focuses on applications that are controlled through the organization's device management system.
This section helps IT administrators monitor the deployment and health of enterprise applications across managed devices.

  1. Device Configs
The Device Configs tab provides visibility into configuration policies applied to the device.
These configuration policies are typically deployed through Microsoft Intune or other device management services. The tab displays configuration policies along with their deployment status.
Typical information shown includes:
  • Policy Name
  • Policy Status
  • Last Modified Date

This tab is particularly useful for validating that security and configuration policies have been correctly deployed.

  1. Compliance
The Compliance tab displays compliance policies assigned to the device and their current status.
Compliance policies ensure that devices meet the organization's security and configuration requirements before accessing corporate resources.
Within this tab, administrators can review:
  • Compliance Policy Name
  • Compliance Status
  • Assigned User
  • Last Compliance Check Time
Compliance status may include states such as:
  • Compliant
  • Non-Compliant
  • Error
  • Not Evaluated
If a device becomes non-compliant, administrators can investigate the cause and take corrective action to restore compliance.



  1. AI Chat
The AI Chat tab provides an AI-powered assistance interface within Tenant Manager.
This feature allows administrators to interact with the system using natural language to retrieve device insights or troubleshoot issues. Administrators can ask questions related to device health, configuration status, compliance issues, and recommended remediation steps.
This feature helps simplify troubleshooting and improves operational efficiency by providing quick insights into device data.
Post-Management Monitoring
After performing any device management operation, administrators should monitor the device status to confirm that the requested action has completed successfully.
This can be verified by reviewing:
  • Device Timeline
  • Last Sync Time
  • Compliance Status
  • Device Health indicators
If the action does not reflect immediately, allow several minutes for the device to communicate with the management service and refresh the device details page.


    • Related Articles

    • Tenant Manager Sign-Up

    • Tenant Manager Sign-Up

    • Managing Guest Access

      Overview This document explains how to grant access to external users to the SoftwareCentral Tenant Manager platform. For MSPs, this is useful when customers require access to their tenant to perform actions such as viewing reports. Prerequisites ...

    • Managing custom templates

      Overview This document provides a step-by-step workflow for creating custom templates within the SoftwareCentral Tenant Manager platform. Custom templates can be used when you need to define a standardized baseline that can be applied across multiple ...

    • Tenant Onboarding