How to Discover Unmanaged Devices

How to Discover Unmanaged Devices Blog Banner

The trend toward hybrid work environments has forced businesses to think about how to protect their organizations from increased use of “bring your own device” (BYOD) endpoints and other new devices. This is no small challenge, as MSPs know. The rise of the remote worker presents one of the biggest changes to the overall cybersecurity landscape that we’ve ever encountered. 

And all of these new, remote devices present a unique risk to your clients. On average, undiscovered BYOD endpoints are 71% more likely to be part of a cyber breach. We know why this is, of course. When security and IT teams don’t have full insight into the devices on a network, they have little ability to set the right security settings and configurations, run updates, and patch OS and software vulnerabilities.

Undiscovered devices pose a threat that every IT professional should be aware of. In this article, we’ll discuss common ways to hunt down undiscovered and unmanaged devices, secure them, and enact policies that minimize this particular threat. 

What are the risks of unmanaged endpoints?

BYOD and remote workers aren’t a new phenomenon. MSPs have been managing them for many years as enterprise networks add a steady stream of new devices that are outside of IT department control. Moves toward mobility and IoT have led to a lot of unmanageable endpoints that represent a clear security risk. 

Smart lighting, Bluetooth keyboards, smart TVs, surveillance cameras, printers, network switches, and routers are all connected devices that often lack any built-in security. When threat actors probe a network for weaknesses, these devices afford an easily exploitable blind spot. 

What constitutes an “unmanaged device”?

Unmanaged devices can be defined as IP-connected devices that do not have an agent or configuration solution installed and are not being secured by an endpoint agent

In this Forrester survey, 69% of respondents stated that half or more of the devices on their networks were either unmanaged or IoT devices outside their visibility. On top of that, 26% indicated they had three times as many unmanaged devices as managed devices on their networks. The study also showed that 79% of enterprise security professionals were very to extremely concerned about device security

How to discover unmanaged devices on the network

There’s a reason there are so many devices lost in these networks: finding unmanaged devices isn’t easy. An MSP can’t simply ask Active Directory to show any device not being managed. It’s possible to compare AD data and network management software manually, but this is a time-consuming and error-prone method. 

What most MSPs use (or need) is a solution that can automatically correlate and deduplicate data to put them on the fastest road to correcting the problem.

Types of data needed when searching for unmanaged devices

In your typical manual hunt for unmanaged devices, you’ll need the following data sources:

  • Network/Infrastructure Data: Gain visibility into all devices within an environment by accessing the network infrastructure
  • Directory Services: Services like Active Directory or Azure AD that authenticate users and devices
  • Endpoint Management Solutions: Services like SCCM and Jamf Pro

Using Microsoft Defender to Discover Unmanaged Devices

Microsoft has added the ability to discover and secure unmanaged endpoints and network devices to Microsoft Defender for Endpoint. Because this is an integrated feature, no hardware deployment or software deployment is needed within compatible IT environments.

Once network devices are discovered using this method, IT administrators will receive the latest security recommendations and vulnerabilities on them. Discovered endpoints can be onboarded to Microsoft Defender for Endpoints. 

Native Microsoft solutions carry obvious limitations. Most MSPs require a solution that is OS/technology agnostic and able to discover any device within any environment. 

Using NinjaOne to Discover Unmanaged Endpoints

NinjaOne makes it easy to ensure that all endpoints are fully managed through automated asset discovery and deployment using Microsoft Active Directory. Periodic scans can be scheduled to identify unmanaged devices and deploy a management agent to the asset seamlessly. SNMP-enabled devices are also easily discoverable by the integral network monitoring probe.

All assets are automatically groupable and searchable by collected data points, making it incredibly fast and easy to find and manage an asset. With flexible custom fields, you can collect almost any data on an endpoint for device classification and management.

How to keep unmanaged endpoints off of the network

In a perfect world, finding and managing unauthorized devices should not be necessary. You know all too well that in real operational networks, new devices will always find their way onto the network. MSPs and their clients can take steps to reduce the number of unauthorized and unmanaged devices on the network, and to find out who is responsible for these devices.

According to the CISA access management FAQ, the following actions can be taken to reduce the number of unauthorized and unmanaged devices that appear on the network:

  • Policy can require administrators to put new devices into desired state inventory before adding them. Often system administrators connect new devices, then patch and configure them on the production network. This provides a window for the devices to be compromised. In addition, the devices are often added to the network before being recorded in Active Directory (or whatever other source of data for the desired state is in use). Getting administrators to keep the desired state up-to-date (edited before the machine appears) will reduce the number of Hardware Asset Management risk conditions.
  • Logging can track when unauthorized and unmanaged devices are connected to the network, what they are connected to, and who has logged onto them. All of this data can help investigate who connected the devices. Once the person is found, letting them know what is expected can prevent the creation of these risk conditions.
  • Employees will need to be trained. There should be consequences for individuals who frequently connect unauthorized devices, and who do so after due warning. While such actions won’t eliminate all unauthorized and unmanaged devices, these actions can lower their incidence rates, which is a positive step.

Challenges around unmanaged devices

While unmanaged devices pose inherent security risks, there are several factors that can affect just how much of a danger they represent. IT providers and organizations should be aware of these challenges and threat multipliers:

Failure to conduct risk assessments

As with the rest of the network, It’s vital to perform risk assessments on unmanaged devices. Are there any known vulnerabilities or configuration issues? This can be difficult when you can’t put an agent on the device, so a flexible (and tech-agnostic) device discovery tool and agent can be very helpful.

Innately risky devices

Certain devices come with serious issues that will be tough to guard against.

Peer-to-peer is notoriously difficult to secure, and research has shown that such devices can be reachable, even through a firewall, remotely over the internet because they are configured to continuously find ways to connect to a global shared network.

It’s important to assess IoT tools and hardware to uncover potential risks and avoid P2P exploits. You should also investigate the device’s firmware update policy and keep these devices updated (as always).

Default configurations/misconfiguration

Configuration issues have led to many data breaches. Widely-known default configs can hand cybercriminals the keys to your network. Simple steps such as changing or deleting the default admin login for your security cameras can go a long way. Passwords and credentials should be carefully managed, and watch out for undocumented backdoor accounts.

Misconfiguration is another big problem. Aside from access control mishaps, users often leave unneeded features switched on, like universal plug-and-play (UPnP), or inadvertently open ports that can serve as access points for attackers.

Lack of network segmentation

Putting a firewall between every device and the internet can prevent hackers from side-stepping through the network. IT professionals should implement network segmentation by sorting unmanaged devices onto their own network segments, separate from your corporate devices and the guest network. This will stop threat actors from using an unmanaged device as an entry point and then moving laterally to exfiltrate data or install malware. There are ways to bypass segmentation, even if you follow all the network segmentation best practices, but this measure is still worth pursuing.

Poor asset management

Any list of cybersecurity best practices — including NIST’s Cybersecurity Framework — will tell you that identifying all the devices on your network is foundational to security. It’s not enough just to scan your network for physically connected devices; devices that connect via Wi-Fi and Bluetooth must also be managed. 

Lack of continuous monitoring

The majority of unmanaged devices are harder to scan than traditional computers connected to a network, so it’s all the more important to monitor their usage/behavior and look for anything suspicious. Log collection, machine learning, and SIEM/SOC all play a role in the modern cybersecurity stack for this key reason. 

Partnering with NinjaOne

Complete visibility is critical to effective management. NinjaOne is here to help MSPs manage their business efficiently and securely. Thousands of users rely on our cutting-edge RMM platform to navigate the complexities of modern IT management. 

Not a Ninja partner yet? We still want to help you streamline your managed services operation! Visit our blog for MSP resources and helpful guides, sign up for Bento to get important guidance in your inbox, and attend our Live Chats for one-on-one discussions with channel experts. 

If you’re ready to become a NinjaOne partner, schedule a Demo or Start Your 14-day Trial to see why over 10,000 customers have already chosen Ninja as their partner in secure remote management.

Next Steps

For MSPs, their choice of RMM is critical to their business success. The core promise of an RMM is to deliver automation, efficiency, and scale so the MSP can grow profitably. NinjaOne has been rated the #1 RMM for 3+ years in a row because of our ability to deliver an a fast, easy-to-use, and powerful platform for MSPs of all sizes.
Learn more about NinjaOne, check out a live tour, or start your free trial of the NinjaOne platform.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

Watch Demo×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).