Free Edition This document explains about the computers for approval feature and steps to configure it.
The "Computer(s) for Approval" tab, located within the "Computers" view, displays a list of computers with the Endpoint Central agent installed, awaiting approval from the system administrator. Approval is necessary for establishing communication with the Endpoint Central server. Once approved, these computers move to the "Managed Computers" category, where server configurations are applicable.
If a managed computer is found to be behaving abnormally, its agent will be isolated and blocked from communicating with the server until an administrator manually approves it again. Kindly note that Agent Re-approval feature was introduced in build 11.4.2540.01
In cases where the Endpoint Central agent is installed on a client computer without the system administrator's knowledge, the "Computer(s) for Approval" feature ensures that further communication with the server is established only after approval. Computers in the approval queue have the agent installed, but the server rejects all status updates until approval.
Computer(s) for Re-Approval prevents unauthorised access to server from unknown endpoints. At this stage, the computer will require manual Re-Approval before it can resume communication with the server.
To activate approval settings, navigate to the web console: Agent > SoM settings > Approval Settings > Enable "Computer(s) for Approval" option. Without enabling this option, all computers with the installed agent will automatically move to Managed Computers.
Once enabled, go to Computers > Computer(s) for Approval Tab. Here, you can approve or decline computers for management. When declined, communication with the server will be terminated.
If you decline instead of approving the computers to be added to scope of management, it will be viewed under Agent > Computers > Computer(s) for Approval with declined computers filter
If you approve declined computer, agent installation will be triggered to that computer.
The details regarding declined computer will be saved in the server for 90 days, by default. You can modify it by navigating to Agent > Computers > Computer(s) for Approval > Cleanup Settings
The computers that fall under any of the below default criteria will be automatically approved: Computers that are synced from Active Directory, computers that are enrolled in MDM(Azure, ABM, Self-enrollment, Enroll via Invite), Computers that are added manually via Import computers and Add computers, If the agent is deployed via OSD Imaging
You can configure criteria based on your environment to automatically approve the computers after a successful manual agent installation.
The criteria include DNS Domain Name, Computer Name, Domain Name and IP Address(es)
The following are known scenarios that can cause a computer to enter the Re-Approval stage:
If none of the above scenarios match your case:
Once the computers match the above criteria, it will be moved to re-approval section. It can be viewed under Agent > Computers > Computers for Re-Approval with Re-Approve as filter under Approval Type.
If you enable notify admin/technicians on daily basis about the computer(s) that are waiting for approval, you will be notified via email you provide or through mobile app