Forum Discussion

GI472's avatar
GI472
Brass Contributor
Oct 05, 2022
They're all showing as 'Can be onboarded'. I have since done some further digging and I am now pretty sure that they are new laptops that have failed the task sequence during imaging. My main query now is what 'Recently seen by' means. It is changing each time I look at the device page, and it showing real, current devices in our domain.
  • Jonhed's avatar
    Jonhed
    Steel Contributor
    Oct 05, 2022
    In that case, I would assume this list shows the onboarded devices that recently detected the device in question, through the use of Device Discovery.
    • GI472's avatar
      GI472
      Brass Contributor
      Oct 05, 2022
      Hi Jonhed, firstly, thank you for taking the time to reply to me.

      I think you are right on this. Do you know what the 'Recently seen by' is though? I wonder why a newly discovered device that failed during the imaging process is 'Recently seen by' genuine devices on the domain.
      • Jonhed's avatar
        Jonhed
        Steel Contributor
        Oct 05, 2022

        Device Discovery checks network traffic passively, or runs active network scans to find devices not onboarded to MDE inside your network, and this process is run inside your genuine onboarded devices (Win10 and Win11 only I think)

        If the devices that failed during the imaging process, but are still present on the network, they can be discovered by Device Discovery, and the "Recently seen by" should be a list of the devices that noticed said device on the network either passively or actively in the Device Discovery process.

        I have not seen mention of this "Recently seen by" in the docs, so if you want a definitive answer you should probably raise a SR with Microsoft.

Resources