Microsoft Entra ID Device Registration Status Test

Administrators register devices with Microsoft Entra ID to securely manage access to corporate resources. Entra ID supports features like Single Sign-On (SSO), conditional access, and Intune integration, ensuring that only trusted, compliant devices can access apps and data. This enhances security, supports remote work, and reduces administrative effort. If devices are not properly registered, it becomes difficult to enforce security policies, detect unauthorized devices, and prevent data breaches. To avoid such issues, administrators can use the Microsoft Entra ID Device Registration Status test to monitor the registration state of devices.

This test monitors the devices in the target physical desktop group and reports whether each device is properly configured and connected to Entra ID/Active Directory, both in the cloud and on-premises. It also reveals whether the device is securely registered, whether it can connect to Entra ID, whether the required tokens and certificates are available, and the overall health and trust status of the device. This ensures that devices can reliably authenticate, access both cloud and on-premises resources, and comply with organizational security policies.

Target of the test : A Cloud Desktop Group

Agent deploying the test : A remote agent

Outputs of the test : One set of results for every cloud desktop being monitored

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

The nickname of the Cloud Desktop Group component for which this test is to be configured.

Port

The port at which the specified host listens. By default, this is NULL.

Report Powered OS

If this flag is set to Yes (which is the default setting), then the 'inside view' tests will report measures for even those physical desktops that do not have any users logged in currently. Such desktops will be identified by their name and not by the username_on_physicalmachinename. On the other hand, if this flag is set to No, then this test will not report measures for those physical desktops to which no users are logged in currently.

Report By User

This flag is set to Yes by default. This implies that the physical machines in the environment will always be identified using the login name of the user. In other words, this test will, by default, report measures for every username_on_physicalmachinename.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Is device joined to Microsoft Entra ID?

Indicates whether or not this device is joined to Microsoft Entra ID.

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate whether each device is joined to Microsoft Entra ID. The graph of this measure, however, represents the measure values using the numeric equivalents only.

Is device joined to On-Premises DRS?

Indicates whether or not this device used on-premises DRS to join Microsoft Entra ID.

On-premises Device Registration Service (DRS) allows domain-joined Windows devices to register automatically with Microsoft Entra ID. This enables modern management features like Conditional Access, Single Sign-On (SSO), and mobile device management, even for on-prem systems.

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate whether each device used on-premises DRS to join Microsoft Entra ID. The graph of this measure, however, represents the measure values using the numeric equivalents only.

Is device joined to Active Directory?

Indicates whether or not this device is joined to Active Directory.

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate whether each device is joined to Active Directory. The graph of this measure, however, represents the measure values using the numeric equivalents only.

Device state

Indicates the current registration status of this device.

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Microsoft Entra joined 1
Domain Joined 2
Microsoft Entra hybrid joined 3
On-premises DRS Joined 4

Note:

By default, this measure reports the Measure Values listed in the table above to indicate the current registration status of each device. The graph of this measure, however, represents the measure values using the numeric equivalents only.

Device health

Indicates whether this device is joined and registered correctly with Entra ID.

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Success 1
Failed 2
Failed.Error 3

Note:

By default, this measure reports the Measure Values listed in the table above to indicate the current registration status of each device. The graph of this measure, however, represents the measure values using the numeric equivalents only.

Device certificate validity

Indicates the time period during which the digital certificate issued to this device remains valid and trusted.

Minutes

A device certificate is used to authenticate the device to services like Microsoft Entra ID, ensuring secure communication and confirming the device's identity.

Is device private key stored in Trusted Platform Module?

Indicates whether or not the private key of this device is stored in the Trusted Platform Module.

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate whether the private key of each device is stored in the Trusted Platform Module. The graph of this measure, however, represents the measure values using the numeric equivalents only.

Device registration endpoints connectivity

Indicates whether or not this device is able to connect to the Microsoft Entra ID service URLs during the device registration or join process.

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate whether each device is able to connect to Microsoft Entra ID. The graph of this measure, however, represents the measure values using the numeric equivalents only.

Is primary refresh token present in device?

Indicates whether or not the primary refresh token is present on this device.

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate whether the primary refresh token is present on each device. The graph of this measure, however, represents the measure values using the numeric equivalents only.

Is primary refresh token fetched from ADFS?

Indicates whether or not the primary refresh token is fetched from ADFS.

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate whether the primary refresh token is fetched from ADFS. The graph of this measure, however, represents the measure values using the numeric equivalents only.

Is Cloud Kerberos ticket available to access on-premises resources?

Indicates whether or not a Cloud Kerberos ticket is available on this device to access on-premises resources.

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate whether a Cloud Kerberos ticket is available on each device to access on-premises resources. The graph of this measure, however, represents the measure values using the numeric equivalents only.

Is Cloud Kerberos ticket available to access cloud resources?

Indicates whether or not a Cloud Kerberos ticket is available on this device to access cloud resources.

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate whether a Cloud Kerberos ticket is available on each device to access cloud resources. The graph of this measure, however, represents the measure values using the numeric equivalents only.
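
Added example (not part of the original page or of the monitoring product): a PowerShell function that derives several of the measures above from the text output of the Windows command dsregcmd /status, for spot-checking a single device. The page does not say how the test collects its data, so the mapping of measures to the dsregcmd fields named in the code is an assumption, as is reading certificate validity as minutes remaining; the function name and the sample output are constructed for illustration.

```powershell
# Added example. Assumption: the page's measures map to these dsregcmd /status fields.
function Get-EntraRegistrationSummary {
    param([Parameter(Mandatory)][string[]]$StatusText)
    # Collect "Key : Value" lines into a lookup table.
    $f = @{}
    foreach ($line in $StatusText) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $f[$Matches[1]] = $Matches[2] }
    }
    $aad = $f['AzureAdJoined'] -eq 'YES'
    $drs = $f['EnterpriseJoined'] -eq 'YES'
    $ad  = $f['DomainJoined'] -eq 'YES'
    # The four "Device state" values from the page, plus an unjoined fallback.
    if     ($aad -and $ad) { $state = 'Microsoft Entra hybrid joined' }
    elseif ($aad)          { $state = 'Microsoft Entra joined' }
    elseif ($drs -and $ad) { $state = 'On-premises DRS Joined' }
    elseif ($ad)           { $state = 'Domain Joined' }
    else                   { $state = 'Not joined' }
    # Minutes until the certificate's end date; the field looks like [ start -- end ].
    $certMinutes = $null
    if ($f['DeviceCertificateValidity'] -match '--\s*(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)') {
        $styles = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
        $end = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture, $styles)
        $certMinutes = [math]::Floor(($end - [datetime]::UtcNow).TotalMinutes)
    }
    [pscustomobject]@{
        DeviceState     = $state
        DeviceHealth    = $f['DeviceAuthStatus']
        CertMinutesLeft = $certMinutes
        KeyInTpm        = $f['TpmProtected'] -eq 'YES'
        PrtPresent      = $f['AzureAdPrt'] -eq 'YES'
        PrtFromAdfs     = $f['EnterprisePrt'] -eq 'YES'
        OnPremTicket    = $f['OnPremTgt'] -eq 'YES'
        CloudTicket     = $f['CloudTgt'] -eq 'YES'
    }
}
# Constructed sample (hybrid-joined device); on a real device pass (dsregcmd /status).
$sample = @'
             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
 DeviceCertificateValidity : [ 2024-01-11 21:02:50.000 UTC -- 2034-01-11 21:32:50.000 UTC ]
              TpmProtected : NO
          DeviceAuthStatus : SUCCESS
                AzureAdPrt : YES
             EnterprisePrt : NO
                 OnPremTgt : NO
                  CloudTgt : YES
'@
Get-EntraRegistrationSummary -StatusText ($sample -split '\r?\n')
```

Run dsregcmd in the logged-on user's session, because the primary refresh token and Cloud Kerberos ticket fields describe per-user state. In the sample, KeyInTpm comes back False, which is the condition the "Is device private key stored in Trusted Platform Module?" measure reports as No.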