Advanced searching
As data sets get larger, it is increasingly important to have a powerful search. You can use advanced search to build complex queries using the full set of available criteria (see Using the query builder and Using both the query builder and manual editing.) You can also create a new label using the advanced search criteria.
To access advanced search:
- Log into the Admin Portal.
- Go to Device & Users > Devices.
- Click the Advanced Search button located at the top right, above the table to display the query builder.
- Enter search criteria using the query builder, or type the search expression directly. See Device field definitions.
- Click Search. Verify your results.
- (Optional) Click Save to Label button. This will save your new search query as a new label and in Devices & Users > Labels, you can utilize this new label as a filtered label.
- If Notes for Audit Logs is enabled, a text dialog box opens. Enter the reason for the change and then click Confirm. For more information, see Best practices: label management.
Searchable fields
To see the complete list of searchable fields in the query builder:
- Click Field to see the categories
- Click Expand All.
The fields are organized alphabetically into the following categories for convenience:
- Device fields: apply to device type based on their operating system.
- OS-specific fields: apply to devices of the selected platform.
-
User fields: apply to the device’s user, including LDAP fields for groups and custom attributes.
Device field definitions
This section covers the device field definitions found in the Devices & Users > Devices page. They also display in the Advanced Search field on the same page.
Device Type |
Field |
Description |
Android Fields |
Admin Activated |
True / false if device activated by admin. |
|
Android Automated Enrollment (This field is valid for Core 10.6.0.0 or supported newer versions.) |
Once automated Android registration is completed, the following values display: •Google Zero Touch •Knox Mobile Enrollment •Non Zero Touch AE Enrollment - this is for Managed Devices / Device Owner types (afw#, QR code, NFC) •Unknown - this value displays if versions before Core 10.6.0.0 were used. This means the "In-App Registration Requirement field in Settings > System Settings > Users & Devices > Device Registration was used. It can also mean that an old client was used with Core version 10.6.0.0 or later. |
|
Android Client Version Code
|
Version code of the client. |
|
Android for Work Capable |
True if the device is Android Enterprise capable, otherwise false. |
|
Attestation |
Result of Samsung Attestation. |
|
Brand |
Brand of the device. |
|
C2DM Token |
C2DM token of the device if present, otherwise blank. |
|
Code Name |
Code name of the Mobile@Work client |
|
Developer Mode |
True if the Android device has Developer mode enabled, otherwise false. This is reported on all Android device configurations and also on KNOX. |
|
Device |
Brand name of device, for example, Mako. |
|
Device Encryption Status |
Device encryption status. |
|
Device Roaming Flag |
True if the device is roaming, otherwise false. |
|
File encryption |
True if the Android device has enabled file encryption, otherwise false. This is reported on all Android device configurations and also on KNOX. |
|
GCM/FCM Token Present |
GCM token of the device if present, otherwise blank. |
|
Google Device Account Present |
True if the device has a Google Device Account (eg: Android Enterprise), false otherwise. |
|
ICCID |
Integrated Circuit Card Identifier number. |
|
Kiosk Enabled |
True if the device is kiosk enabled, otherwise false. |
|
Manufacturer OS Version |
Manufacturer OS version. |
|
MDM Enabled |
True if MDM is enabled, otherwise false. |
|
Media Card Capacity |
Amount of memory capacity of the media / SD card. |
|
Media Card Free |
Amount of free memory on the media / SD card. |
|
Multi MDM |
Indicates true/false. |
|
OS API Level |
The Android OS API level. See https://developer.android.com/studio/releases/platforms for more details. This number is used so administrators can use a numerical comparison of OS versions. |
|
OS Build Number |
OS build number. |
|
OS Update Path |
OS Update Path. |
|
OS Update Status |
OS Update Status. |
|
OS Version |
Lists the OS version of the device. |
|
Password/PIN Days Before Expiring
|
Represents the number of days before the password / PIN will expire. This numerical value is controlled by the Security policy's Maximum Password Age field value. This field is a dynamic field, its value decreases every day by 1 until the password / PIN is renewed. At renewal, the value returns to the original number stated in the Maximum Password Age field and starts a new daily count-down. See Working with default policies. |
|
Platform Flags |
Internal string representing the capabilities of the Mobile@Work application. |
|
Registration Status |
Registration status of the device. Registration Status can be used as part of a dynamic label evaluation and criteria for tier compliance. In the Select Type drop-down, select one of these options: •Device Admin •Device Admin Not Required •Work Managed Device •Managed Device with Work Profile •Work Profile •Work Profile for Company Owned Device •Unknown |
|
Samsung DualDAR Version |
Represents the Samsung Knox v3 license key for DualDAR. Lists the Samsung DualDAR version if client is enabled. If not client enabled or device is in Device Owner mode, lists as "Unsupported." |
|
SafetyNet Enabled |
True if SafetyNet is enabled, false otherwise. |
|
SafetyNet Exception |
SafetyNet exception during error. |
|
SafetyNet Status |
SafetyNet status if enabled and no error. |
|
SafetyNet Timestamp |
Timestamp of when last SafetyNet check was run. |
|
Samsung Carrier Code |
Samsung Carrier code. |
|
Samsung E-FOTA Capable |
True if the device supports Samsung E-FOTA, false otherwise. |
|
Samsung KNOX Version |
Knox version, if present. |
|
Samsung Model Number |
Samsung Model Number. |
|
Samsung SAFE Version |
Samsung Safe Version. |
|
Screenlock PIN Change Prompt – Showing |
Indicates if device user was prompted to change the device's screen lock password / PIN and the device user skipped the prompt. Values are: •Unknown - If coming from an older client device, value is unknown. •True - Indicates the PIN is to expire in 7 days or less. •False - (default) Indicates the device user is not being prompted to change the password / PIN (it has not reached its 7-day expiration window.) The value listed stays until the device user successfully changes the password /PIN on the device. See Working with default policies. |
|
Secure Apps Enabled |
True if Secured Apps / AppConnect is enabled, otherwise false. |
|
Secure Apps Encryption Enabled |
True if Secured Apps Encryption is enabled, otherwise false. |
|
Secure Apps Encryption Mode |
Type of Secured Apps / AppConnect Encryption. |
|
Security Detail |
Reason for security failure if it occurs. |
|
Security Patch Level |
Security Patch Level string or timestamp. |
|
Security Patch Level Date |
Date of the Security Patch Level of the OS. |
|
Security Reason |
Reason device is considered jailbroken. |
|
USB Debugging |
True if USB debugging is enabled, otherwise false. |
|
Wear OS Client installed |
True only if one or more paired-watches have Mobile@Work installed on the Wear OS device. |
|
Wear OS Device is Paired |
True if one or more Wear OS device is paired to device via Bluetooth. |
|
Zebra Build Fingerprint |
Fingerprint of the firmware build currently present on the Zebra device. |
|
Zebra Device Build Id |
Current Build ID of the Zebra device. |
|
Zebra Device System Update |
|
|
Zebra OTA Capable |
True if the device supports Zebra OTA (Over The Air), otherwise false. |
|
Zebra Patch Version |
The version of firmware for the Zebra device to be upgraded to. This is the target firmware version of the firmware applied to the Zebra device through firmware policy. |
Common Fields |
APNS Capable |
Only true if there is an APNS token for the Mobile@Work client, otherwise false. |
|
AppConnect Term s of Service |
True/false for if the AppConnect Terms of Service was accepted. |
|
AppConnect Terms of Service Date |
Represents the date/time the AppConnect Terms of Service was accepted. |
|
Authenticator Only |
True/false if the device is registered in Authenticator Only mode. |
|
Azure Client Status Code |
Indicates whether device is connected to Azure. The possible values are:
|
|
Azure Device Compliance Report Status |
Lists the device's compliance status in Azure. Possible values are:
|
|
Azure Device Compliance Report Time |
The time Core reported the device compliance status to Microsoft Intune. A blank field indicates one of the following:
|
|
Azure Device Compliance Status |
Indicates Azure account has been deactivated or the device is not in compliance. Possible values are: Compliant / Not Compliant. |
|
Azure Device Identifier |
The device ID reported by Microsoft to the iOS or Android device. For example: 007c8232-9489-4074-9b35-345b16f0a72d. This is Microsoft’s ID for that device. Core receives this device ID as device users are required to register to Microsoft Authenticator application in order to use this feature. If unable to retrieve the Device ID, this field is left blank. |
|
Background Status |
True if iOS background status is enabled, otherwise false. |
|
Battery Level |
Percentage of battery left. |
|
Block Reason |
A list of reasons why the device is blocked. |
|
Blocked |
True if the device is blocked, otherwise false. |
|
Cellular Technology |
GSM, CDMA, or blank if the device does not support cellular. |
|
Client Build Date |
The build date of the client, if registered with Mobile@Work client. |
|
Client Id |
The unique client ID if the device was registered with Mobile@Work client. |
|
Client Last Check-in |
Date/Time of last check-in. |
|
Client Migration Status |
Status of Mobile@Work client migration from Core to Cloud (true/false). |
|
Client Name |
The name of the client, if registered with Mobile@Work client. |
|
Client Version |
The version of the client, if registered with Mobile@Work client; otherwise, false. |
|
Cloud Migration Status |
Status of device migration from Core to Cloud (true/false). |
|
Comment |
A field that the admin uses to add their own comments for the device. |
|
Compliant |
True if the device is in compliance, otherwise false. |
|
Creation Date |
The creation date of this device record. |
|
Current Country Code |
Current country code of the device. |
|
Current Country Name |
Current country name of the device. |
|
Current Operator Name |
Short name of the cellular carrier, if there is a cellular service. |
|
Current Phone Number |
Current phone number of device, if the device has cellular service. |
|
Device Admin Enabled |
True if device admin (Android) is enabled, otherwise false. |
|
Device Encrypted |
True if the device is encrypted, otherwise false. |
|
Device is Compromised |
True if the device is compromised, for example, jailbroken. |
|
Device Locale |
Locale of the device. |
|
Device Owner |
Company or Personal. |
|
Device Space |
Name of the space the device belongs to. |
|
Device UUID |
Unique ID of the device generated from Core. |
|
Display Size |
Size of device's display. |
|
EAS Last Sync Time |
Exchange ActiveSync last sync time. |
|
Ethernet MAC |
Ethernet MAC ID. |
|
Home Country Code |
Home (Initial) country code of the device. |
|
Home Country Name |
Home country name of the device. |
|
Home Operator Name |
Home Operator Name. |
|
Home Phone Number |
Home Phone Number. |
|
IMEI |
IMEI (International Mobile Equipment Identity) number. |
|
IMSI |
ISMI (International Mobile Subscriber Identity) number. |
|
IP Address |
Current IP address of the device. As new GDPR fields (such as IP Address and eSIM ID) are added throughout Core releases, the administrators who have configured GDPR already will need to edit the GDPR profile if they want to hide the new fields. |
|
Language |
Language of the device. |
|
Last Check-in |
Last check-in time of the device. |
|
Manufacturer |
Manufacturer of the device. |
|
MDM Last Check-in |
Last MDM check-in time of the device. |
|
MDM Managed |
True if the device is MDM managed, otherwise false. |
|
Memory Capacity |
Memory capacity of the device. |
|
Memory Free |
Amount of free memory in the device. |
|
MobileIron Threat Defense Status |
Mobile Threat Defense Status. |
|
MobileIron Tunnel App Installed |
True / false if the Tunnel app was installed. |
|
Model |
Model of the device. |
|
Model Name |
Model name of the device. |
|
Modified Date |
Date/Time for last updates to device details. |
|
MTD Anti-Phishing Status |
MTD Anti-Phishing Status. |
|
Non-compliance Reason |
Reason why the device is not in compliance. |
|
OS Version |
OS version number string. |
|
Passcode |
Contains registration PIN for a preregistered device, empty if none exists. |
|
Passcode Expiration Time |
The expiration time for the registration pin for a prereigstered device, empty if none exists. |
|
Platform |
Operating system of the device. |
|
Platform Name |
Operating system and OS version of the device. |
|
Processor Architecture |
Architecture of the processor for the device. |
|
Quarantined |
True if the device is quarantined, false otherwise. |
|
Quarantined Reason |
Reason for quarantined, empty if the device is not quarantined. |
|
Registration Date |
Registration date of the device. |
|
Registration IMSI |
Registration of ISMI (international mobile subscriber identity) number. |
|
Registration UUID |
Unique ID when registering from the client. |
|
Retired |
True if the device is retired, otherwise false. |
|
Roaming |
True if the device is roaming, otherwise false. |
|
SD Card Encrypted |
True/faise if SD card is encrypted. |
|
Security State |
Security state of the device. |
|
Serial Number |
Serial number of the device. |
|
Status |
Status of the device. |
|
Storage Capacity |
Total storage capacity, in bytes, of the device. |
|
Storage Free |
Number of bytes of free storage on the device. |
|
Terms of Service Accepted |
True if the End user Terms of Service was accepted, otherwise false. |
|
Terms of Service Accepted Date |
Date for when the End User Terms of Service was accepted, otherwise blank. |
|
Wi-Fi MAC |
Wi-FI MAC address of the device. |
iOS Fields |
Activation Lock Bypass Code |
Code to bypass activation lock. |
|
Activation Lock is Enabled |
True if Activation Lock is enabled on the device, otherwise false. Applicable to iOS. |
|
APNS Token |
Mobile@Work client APNS wakeup token. Applicable to iOS. |
|
Apple Device Mac Address |
iPhone (media access control address) MAC address. Applicable to iOS and OS X. |
|
Apple Device Version |
iPhone version code. Applicable to iOS and OS X. |
|
Apple OS Update Product Key |
Available OS update product key. Applicable to iOS and macOS. |
|
Apple OS Update Product Version |
Available OS update product version. Applicable to iOS and macOS. |
|
Apple OS Update Status |
OS update status. Applicable to iOS and macOS. |
|
Bluetooth MAC |
Bluetooth MAC address. Applicable to and OS X. |
|
Build Version |
MDM build version. Applicable to iOS and OS X. |
|
Carrier Settings Version |
Carrier settings version. Applicable to iOS. |
|
Current Mobile Country Code |
Current mobile country code. Applicable to iOS. |
|
Current Mobile Network Code |
Current mobile network code. Applicable to iOS. |
|
Data Protection |
Applicable to iOS. |
|
Data Roaming Enabled |
True if device is data roaming enabled, otherwise false. Applicable to iOS. |
|
DEP Device |
True if the device is Apple Device Enrolled, otherwise false. Applicable to iOS, macOS, and tvOS. |
|
DEP Enrolled |
True if the device is Apple Device Enrolled, otherwise false. Applicable to iOS. |
|
Device Locator Service is Enabled |
True if device locator service is enabled, otherwise false. Applicable to iOS. |
|
Device Name |
Name of the device. Applicable to iOS and OS X. |
|
Do Not Disturb is in Effect |
True if Do Not Disturb is enabled, otherwise false. Applicable to iOS. |
|
eSIM ID (EID) |
True to allow the cellular carriers to assign the SIM to a specific device. An example eSIM ID is: 89049032004008882600006858322414. The eSIM ID field is GDPR-compliant. As new GDPR fields (such as IP Address and eSIM ID) are added throughout Core releases, the administrators who have configured GDPR already will need to edit the GDPR profile if they want to hide the new fields. |
|
Force Encrypted Backup |
True if backups are forced to be encrypted, otherwise false. Applicable to iOS. |
|
Full Disk Encryption Enabled |
True if full disk encryption is enabled, otherwise false. Applicable to macOS 10.9+. |
|
Full Disk Encryption Has Institutional Recovery Key |
True if full disk encryption has institutional recovery key, otherwise false. Applicable to macOS 10.9+. |
|
Full Disk Encryption Has Personal Recovery Key |
True if full disk encryption has personal recovery key, otherwise false. Applicable to macOS 10.9+. |
|
Hardware Encryption Caps |
Hardware encryption capabilities. Applicable to iOS. |
|
iCloud Backup is Enabled |
True if Cloud backup is enabled, otherwise false. Applicable to iOS. |
|
iOS Background Status |
True if iOS background status is enabled, otherwise false. Applicable to iOS. |
|
iOS ICCID |
Device's integrated circuit card identifier number. Applicable to iOS. |
|
IT Policy Result |
Applicable to iOS. |
|
iTunes Store Account Hash |
iTunes Store Account Hash. |
|
iTunes Store Account is Active |
Ttrue if iTunes Store Account is active, otherwise false. Applicable to iOS. |
|
Languages |
Language of the device. Applicable to tvOS. |
|
Last Acknowledged Lock PIN |
PIN to unlock a locked macOS device. Applicable to macOS. |
|
Last Acknowledged Wipe PIN |
PIN to proceed after wiping a macOS device. Applicable to macOS. |
|
Last iCloud Backup Date |
Last iCloud backup date. Applicable to iOS. |
|
Last MTD Sync Time |
Last MTD check-in time. Applicable to iOS. |
|
Locales |
Locale of the device. Applicable to tvOS. |
|
macOS User ID |
macOS user ID. Applicable to OS X. |
|
macOS User Long Name |
macOS user's long name. Applicable to OS X. |
|
macOS User Short Name |
macOS user's short name.Applicable to OS X. |
|
Maximum Resident Users |
Only for use with iOS Education Shared iPads. Tells the device how many users will have their data cache on the device. When the device reaches this number, the next logged-in user that is not already present will be cached and one of the cached users will be removed from the cache (up to Apple which user.) Applicable to iOS. |
|
MDM Lost Mode Enabled |
True if MDM Lost Mode is enabled, otherwise false. Applicable to iOS. |
|
MDM Service Enrolled |
True if the device is was enrolled via MDM Service (non-over air Apple Device Enrollment), otherwise false. Applicable to iOS. |
|
MEID | Mobile Equipment Identity Number. |
|
Modem Firmware Version |
Modem firmware version. Applicable to iOS. |
|
Network Tethered |
True if the device was reported as currently network tethered, otherwise false. Applicable to macOS. |
|
Organization Info |
Organization for the device. Applicable to iOS. |
|
Passcode Compliant |
True if passcode is in compliance, otherwise false. Applicable to iOS. |
|
Passcode Compliant with Profiles |
True if passcode is compliant with rules specified from profiles. Applicable to iOS. |
|
Passcode Present |
True if Passcode is present on device, otherwise false. Applicable to iOS. |
|
Personal Hotspot Enabled |
True if Personal Hotspot is enabled, otherwise false. Applicable to iOS. |
|
Product Code |
iPhone Product code. Applicable to iOS and OS X. |
|
Product Name |
Product name. Applicable to iOS and OS X. |
|
Security Reason Code |
Security reason code. Applicable to iOS. |
|
SIM Label 1, 2, 3 |
SIM label associated to the phone number. |
|
SIM MCC 1, 2, 3 |
SIM card mobile country code associated to the phone number. |
|
SIM MNC 1, 2, 3 |
SIM card mobile network code associated to the phone number |
|
SIM Phone Number 1, 2, 3 |
The phone number associated with the SIM card / eSIM. |
|
SIM EID 1, 2, 3 |
The SIM ID of the carrier assigned to the SIM of a specific device. The EID will be included in the response of the simdetails API call. (For more information, see the V2 API Guide.) In the Device Details page, clicking on the number in the field opens the SIM Information dialog box allowing the administrator to see SIM information, including the EID. Applicable to iOS 14.0 through the latest version of Core. |
|
SIMs |
•Lists the number of SIMs associated to the device. This includes embedded SIMs (eSIM) and physical SIMs. •There can be multiple SIMs associated with the eSIM. •For eSIMs in iPhone XS, iPhone XS Max, or iPhone XR with iOS 12.1 or supported newer versions. |
|
Subscriber Carrier Network |
SIM card subscriber carrier network. Applicable to iOS. |
|
Subscriber MCC |
SIM card mobile country code. Applicable to iOS. |
|
Subscriber MNC |
SIM card mobile network code Applicable to iOS. |
|
Supervised |
True if the device is MDM supervised, otherwise false. Applicable to iOS. |
|
Time Zone |
Lists the time zone applied to the device. |
|
UDID |
iPhone unique device identifier. Applicable to iOS and OS X. |
|
Voice Roaming Enabled |
True if voice roaming is enabled, otherwise false. Applicable to iOS. |
|
VPN IP Address |
VPN IP address. Applicable to iOS and tvOS. |
|
Wakeup Status |
Device Wakeup status. |
User Fields |
Display Name |
The display name of the device user. |
|
Email Address |
Device user's email address. |
|
First Name |
Device user's first name. |
|
Last Admin Portal Login Time |
Date of admin's last log in into Core. |
|
Last Name |
Device user's last name. |
|
LDAP > Attribute Distinguished Name |
The Attribute Distinguished Name for an LDAP user. |
|
LDAP > Groups > LDAP Group Distinguished Name |
LDAP Users who are members of an LDAP group with a specific group distinguished name. |
|
LDAP > Groups > Name |
LDAP Users who are members of an LDAP group with a specific group name. |
|
LDAP > LDAP User Distinguished Name |
The LDAP distinguished Name of the user. |
|
LDAP > LDAP User Locale |
An LDAP User who are members of a specific locale. |
|
LDAP > Principal |
Value of the attribute specified as the User ID in the LDAP server configuration. |
|
LDAP > upn |
Value of the attribute specified as the User Principal Name in the LDAP server configuration. |
|
LDAP > User Account Control > Account Disabled |
Indicates whether the LDAP user account is disabled (true/false). |
|
LDAP > User Account Control > Locked Out |
Indicates whether the LDAP user account is locked out (true/false). |
|
LDAP > User Account Control > Password Expired |
Indicates whether the LDAP user 's password has expired (true/false). |
|
LDAP > User Attributes > custom1 |
The value of the LDAP user attribute is defined in Services > LDAP. |
|
LDAP > User Attributes > custom2 |
The value of the LDAP user attribute is defined in Services > LDAP. |
|
LDAP > User Attributes > custom3 |
The value of the LDAP user attribute is defined in Services > LDAP. |
|
LDAP > User Attributes > custom4 |
The value of the LDAP user attribute is defined in Services > LDAP. |
|
LDAP > User Attributes > memberOf |
The value of the LDAP user attribute is defined in Services > LDAP. |
|
SAM Account Name |
The security account name. This was the login name for earlier versions of Windows. |
|
User ID |
The LDAP user ID. |
|
User UUID |
The LDAP Universally Unique Identifier. |
For Windows field definitions, see https://docs.microsoft.com/en-us/windows/client-management/mdm/healthattestation-csp.