RoboShadow Blog

RoboShadow Dashboard: Device Management Overview

Written by Terry Lewis | Dec 11, 2023 9:38:52 AM

 

 

The 'Management' dashboard essentially functions as a tool for device management and replication management. One of its primary roles is reconciliation with a primary user store, a crucial aspect during internal penetration tests or audits. Effectively when you have a Penetration Test (internal) they will reconcile with your PUS (Primary User Store) whether it be Azure AD / On-Prem or Google Workspaces to see what machines have logged onto the network / accessed data.

This is in order to see what machines to go after and attack, it's the feral machines that are often overlooked which means you either fail a Penetration Test or worse get hacked in the real world. So effectively knowing where all your machines are and when they last logged onto a Primary User Store is key to a network security strategy.  It is this "maintenance" of ensuring you know where your machines are and whether or not they have the core security counters checked (AV / Firewall / Updates / CVEs) is a great start for a daily "SecOps" style process which is something internal teams can master or external providers can charge a service for in order to keep on top of this simple but critical security hygiene item. 

Reconciliation with Directories

From this view you can see what  "Secure Directory Replication" has been setup to help ensure that you keep on top of your whole estate. You will get an indication below of how your synchronisation is working and when it last updated. You can also click the button to "give it a kick" if for some reason the replication has any issues. 

In the RoboShadow 'Device Sync' dashboard, you can:

  • Reconcile with an on-premise Active Directory. An agent for this can be downloaded directly from the Downloads.

  • Reconcile with Azure Active Directory, which fetches data about devices associated with Office 365 and Azure.

For a full guide on how to set these up, please click here 

 

Monitoring and Addressing Issues

Devices that lack an agent installation may indicate potential issues with automatic RoboShadow installation processes, or highlight rogue machines that are not being checked for security issues.

If a synchronisation issue arises, which is rare but possible, users can:

  • Run a resync for communication with Microsoft 365.
  • In some cases, re-download and reinstall the agent.

Additionally, the dashboard lets users delete devices as per requirements.

Interpreting the Trust Type Data

There are several statuses to understand:

  • Workplace: This stands for "Workplace Joined" and often indicates that someone logged into 365 and downloaded software, possibly on a personal device. Monitoring this is crucial since it can sometimes result in unauthorized access to sensitive data. Effectively if people are running Company versions of Office 365 downloaded from the Company 365 portal then users are likely to have offline email files (OST Files) and Offline OneDrive or Sharepoint files which can be easily attacked on un-protected machines. 

  • Azure AD: This refers to devices set up to log on to Azure Active Directory. Which adds lots of value to security but not super effective from a local group policy perspective without Intune.  You can easily setup RoboShadow to sync with Azure AD using our "One-Click" AD sync in the menu system. 

  • On-Prem AD: These devices have been synchronised with our On-Premise Active Directory connector which can be found in our Downloads section. 

The system efficiently distinguishes between devices to avoid duplication. It can also recognize non-Windows devices, such as Android phones and iPhones.

In essence, the 'Device Sync' dashboard provides a holistic view of device synchronization, helping users manage their cyber infrastructure efficiently. By simplifying complex processes, RoboShadow ensures a secure and streamlined experience for its users. 

If there is anything else you would like to see in this guide please email us , we will answer the question direct then add to this article to help out others find their way. 

Any questions?

You can send us an email at hello@roboshadow.com. Additionally, for our current users, there's a convenient 'Support' option within the RoboShadow console, ensuring you get timely and effective responses.