Devices overview
Understanding and ensuring compliance of your organization's devices is crucial to maintaining a strong security posture. The Devices area in XFA now combines a device-centric and a people-centric overview so administrators can quickly validate inventory, track onboarding progress, and act on risks.
Navigate the Devices overview
The page is split into two tabs: Devices and People. Use the gear icon on either tab to tailor the visible columns to the context you need.
Devices tab
This tab lists every device discovered or verified within your organization. Each row includes:
Device name
: The display name that helps you recognise the endpoint at a glance.Owner
: The person responsible for the device.Hardware & software
: Key facts about the operating system, patch level, and installed software that are relevant for compliance checks.Issues
: The number of failing checks relative to the selected policy. Pick a specific policy in the top-right filter or switch toActual device security
to evaluate the device against every available check.Verification status
: Indicates whether the device has completed the verification flow.Managed by
: Shows whether the device is user-managed or managed by the organization.
From the action menu on each row you can:
- Reset 2FA for the device.
- Request the owner to verify the device (a verification email is sent).
- Inform the owner about current risks (a risk email outlining failing checks is sent).
- Remove the device from the organization.
People tab
This tab groups devices by person so you can track onboarding progress per user. The table shows the user's name, email address, all associated devices with their compliance state, and the onboarding status.
Onboarding statuses:
Discovered
: The user was found via discovery but has not received an invite yet.Invited
: An invite email was sent, but the user has not started onboarding.Onboarding
: The user is in progress—some devices are already verified.Onboarded
: Every device for that user is affiliated and verified.
Available actions per person are resend invite, reset 2FA, and remove user.
Finding Devices
Use the global search at the top of the page to quickly locate devices or people by display name, email address, or security status. Filters and the policy selector on each tab help you drill down to the riskiest assets first.
Need the exact device? Search by device name, security status (for example At risk
), or the owner’s email to jump straight to the relevant tab and row.
Methods to onboard devices:
- Discovery: Link your identity provider (IdP) to XFA. XFA reads authentication logs and derives the devices used by each user from these logs. This will lead to a full overview of all discovered devices without verified information.
- Emails: Users receive an email, either triggered through awareness for previously discovered devices or manual invitations, prompting them to verify their device. This involves installing the XFA app and completing the verification flow.
- Enforcement: When users attempt to use an application or log in, XFA ensures that the device must share its compliance status and meet the organization’s security requirements before allowing the user to complete the login process.
Once devices are sharing their security status, they periodically sync with XFA to ensure the latest data is available.
Device details
Click a device to open its dedicated detail page. The detail view aggregates all available telemetry and validates the device against every defined policy by default. The top-right selector lets you focus on a single policy or switch back to Actual device security
for an all-checks evaluation. The lower part of the page lists every device check, highlights failing items, and shows which policy each failure impacts so you can prioritise remediation.
Conditional Access
XFA integrates with platforms such as Google Workspace, Microsoft, and Okta to enforce conditional access policies. This ensures that only compliant devices can access your organization’s sensitive data and systems.
For example, a device failing to meet encryption standards may be restricted from accessing email or cloud storage.
For further details, explore the Policies and Awareness documentation.