Endpoint Incidents in Hexnode UEM: Device-Level Health Monitoring

Architecture Snapshot: The Endpoints section provides a consolidated telemetry view of all device-level issues. Incidents are generated dynamically so that administrators can monitor fleet health, detect non-compliance, and confirm that Hexnode configurations (policies, restrictions, and commands) are actually taking effect on each managed device.

What are Endpoint Incidents?

Endpoint incidents are state-driven events raised when Hexnode detects an abnormal configuration, a missing security control (such as disk encryption), or a communication breakdown. Together they act as a continuous audit of whether enrolled endpoints still meet organizational security standards.

Detection Mechanism

Hexnode generates an endpoint incident automatically whenever:

  • A configuration, restriction, or compliance rule fails to apply.
  • A managed device fails to communicate with Hexnode servers within a defined heartbeat interval.
  • Hardware thresholds (CPU, RAM, Battery) are breached.

Endpoint Incident Sources Matrix

Each source is listed with its detection logic and its security impact.

  • Endpoint Compliance: Detects rooted or jailbroken states, geofence violations (a device moving outside its permitted boundary), and other compliance policy deviations.
  • Command Failures: Tracks policies or certificate deployments that fail to run; a failed certificate push can leave a gap in encrypted communication.
  • High Usage Detected: Raised when memory (RAM) or processor (CPU) usage exceeds 90%, which can indicate performance degradation or a malicious background process.
  • Owner Updates: Flags changes in device ownership, including ownership updates during re-enrollment, to maintain asset accountability.
  • Cellular & SIM: Monitors for SIM removal or SIM change, critical for tracking lost or stolen corporate assets.
  • Kiosk Exits: Logs unauthorized or administrative exits from Kiosk Mode, so dedicated-purpose devices stay locked to their intended apps.
  • Encryption: Reports BitLocker (Windows) or FileVault (macOS) status; a failure incident means the device is non-compliant with data-at-rest security standards.
  • Disenrollments: Tracks inactive devices (long-term offline), user-initiated disenrollments, and admin-initiated removals.
  • Battery Health: Flags devices with degraded batteries, such as those holding less than 50% charge after a full cycle, to support proactive hardware replacement.
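To make the matrix concrete, the following added example (written for this page, not Hexnode's own code) evaluates a constructed fleet snapshot against the heartbeat rule from the Detection Mechanism section and each of the nine sources above. The report field names, the 24-hour heartbeat interval, the geofence bounding box and the three device reports are all assumptions made for the illustration.

```python
# Added example for this page: a toy re-implementation of the incident rules in
# the Detection Mechanism section and the sources matrix. Not Hexnode's code; the
# report field names, heartbeat interval, geofence box and reports are assumed.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

HEARTBEAT_INTERVAL = timedelta(hours=24)  # assumed check-in deadline
USAGE_THRESHOLD = 90.0                    # CPU/RAM per cent (from the matrix)
BATTERY_THRESHOLD = 50.0                  # battery capacity per cent (from the matrix)
GEOFENCE = (51.40, -0.30, 51.60, 0.10)    # assumed box: min_lat, min_lon, max_lat, max_lon


@dataclass(frozen=True)
class Incident:
    device_id: str
    source: str  # one of the nine matrix sources
    detail: str


def in_geofence(lat, lon, box=GEOFENCE):
    min_lat, min_lon, max_lat, max_lon = box
    return min_lat <= lat <= max_lat and min_lon <= lon <= max_lon


def evaluate_device(report, previous, now):
    """Apply the matrix rules to one check-in; `previous` is the prior report (or None)."""
    did, found = report["device_id"], []

    def add(source, detail):
        found.append(Incident(did, source, detail))

    # Communication breakdown: no check-in within the heartbeat interval
    if now - report["last_seen"] > HEARTBEAT_INTERVAL:
        add("Disenrollments", "inactive since " + report["last_seen"].isoformat())
    # Endpoint Compliance: rooted/jailbroken state or geofence violation
    if report.get("rooted"):
        add("Endpoint Compliance", "device is rooted/jailbroken")
    if not in_geofence(*report["location"]):
        add("Endpoint Compliance", "device outside geofence")
    # Command Failures: policy or certificate deployments that did not run
    for cmd in report.get("failed_commands", []):
        add("Command Failures", cmd + " failed")
    # High Usage Detected: CPU or RAM above the threshold
    for res in ("cpu_pct", "ram_pct"):
        if report[res] > USAGE_THRESHOLD:
            add("High Usage Detected", f"{res}={report[res]}")
    # Owner Updates and Cellular & SIM are changes relative to the previous report
    if previous is not None:
        if previous["owner"] != report["owner"]:
            add("Owner Updates", f"{previous['owner']} -> {report['owner']}")
        if previous["sim_iccid"] != report["sim_iccid"]:
            add("Cellular & SIM", "SIM removed" if report["sim_iccid"] is None else "SIM changed")
    # Kiosk Exits: a dedicated device that is no longer in kiosk mode
    if report.get("kiosk_expected") and not report.get("kiosk_active"):
        add("Kiosk Exits", "kiosk mode exited")
    # Encryption: data-at-rest encryption required but not active
    if report.get("encryption_required") and not report.get("disk_encrypted"):
        add("Encryption", "disk encryption not active")
    # Battery Health: capacity below the threshold
    if report["battery_health_pct"] < BATTERY_THRESHOLD:
        add("Battery Health", f"capacity {report['battery_health_pct']}%")
    return found


def group_by_source(incidents):
    """Map each source to the affected device IDs, the view an admin filters on."""
    grouped = {}
    for inc in incidents:
        grouped.setdefault(inc.source, set()).add(inc.device_id)
    return grouped


# Constructed sample fleet: one previous and one current check-in per device.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)
PREVIOUS_REPORTS = {
    "lap-01": {"owner": "alice", "sim_iccid": None},
    "tab-02": {"owner": "bob", "sim_iccid": "8944100000000000001"},
    "kiosk-03": {"owner": "shared", "sim_iccid": None},
}
CURRENT_REPORTS = [
    {"device_id": "lap-01", "last_seen": NOW - timedelta(hours=2), "owner": "alice",
     "sim_iccid": None, "location": (51.50, -0.12), "cpu_pct": 35.0, "ram_pct": 95.0,
     "failed_commands": ["BitLocker enablement"], "encryption_required": True,
     "disk_encrypted": False, "battery_health_pct": 88.0},
    {"device_id": "tab-02", "last_seen": NOW - timedelta(days=3), "owner": "carol",
     "sim_iccid": None, "rooted": True, "location": (48.85, 2.35), "cpu_pct": 12.0,
     "ram_pct": 40.0, "battery_health_pct": 41.0},
    {"device_id": "kiosk-03", "last_seen": NOW - timedelta(minutes=5), "owner": "shared",
     "sim_iccid": None, "location": (51.52, -0.08), "cpu_pct": 20.0, "ram_pct": 30.0,
     "kiosk_expected": True, "kiosk_active": False, "battery_health_pct": 70.0},
]


def run_sample():
    """Evaluate every constructed report and return the combined incident list."""
    incidents = []
    for report in CURRENT_REPORTS:
        incidents.extend(evaluate_device(report, PREVIOUS_REPORTS.get(report["device_id"]), NOW))
    return incidents


if __name__ == "__main__":
    for source, devices in sorted(group_by_source(run_sample()).items()):
        print(f"{source:22} {sorted(devices)}")
```

Running it prints each source with the affected device IDs. The tablet tab-02, which is rooted, outside its geofence, three days silent, re-owned and missing its SIM, shows how a single lost device surfaces under several sources at once, while the grouping step is what lets an admin pull just the Encryption failures (here lap-01) out for intervention, as in the remediation example below.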

Operational Importance

Tracking endpoint incidents ensures three core UEM outcomes:

  • Continuous Compliance: Maintains the security posture by identifying risky states (rooted/unencrypted) immediately.
  • Issue Escalation Prevention: Identifies misconfigurations (command failures) before they impact user productivity.
  • Fleet Governance: Ensures strict policy enforcement across globally distributed managed devices.

Remediation Example: If an organization enforces mandatory disk encryption on Windows laptops and the BitLocker command fails because of a TPM error, Hexnode logs an Encryption failure incident. The admin can then filter on exactly those endpoints and schedule technical intervention before they are treated as compliant.
