search cancel

Devices enrolled in a SEP Mobile environment integrated with Workspace One / Airwatch may display a "Device not tagged properly" error

book

Article ID: 252873

calendar_today

Updated On:

Products

Endpoint Protection Mobile

Issue/Introduction

Devices enrolled in a SEP Mobile environment integrated with the Workspace One (WS1 - formerly Airwatch) MDM solution may display a "Device not tagged properly" error in the Device Details pane:

Devices impacted by this issue will also show a light blue tag for MDM status in the main device view of the SEP Mobile Management Console (MC): 

(Note that user information was redacted in the above screenshot)

Environment

This can impact any Android or iOS device in a WS1 integrated MC, regardless of the device's health, risk or compliance status.  However note that this error should only be considered an issue for devices where SEP Mobile has been activated, and where the device has been communicating with both the MC and WS1 server.  

Cause

This is due to insufficient API permissions in WS1, however once the issue begins it may be necessary for Broadcom Engineering to take additional steps to help remediate it.  

Resolution

1.) Please review and update the API permissions in WS1 per Step 2 of the SEP Mobile - WS1 integration document: 

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection-mobile/1-0/Integrations/integrating-with-v130585815-d4221e10509.html

2.) Once the necessary changes have been made, monitor the MC for a period of 48 hours or longer to confirm whether the "Device not tagged properly" error is resolved.  

3.) If the issue persists, please open a case with Broadcom Support, and ask for a review of the affected MC.  In the case please ask specifically for review of whether the following actions need to be taken by Engineering: 

- Enabling a tagging reconciliation job on the affected SEP Mobile environment (to prevent devices from being affected in the future)
- Running a batch "test policy" job (to clean up any devices currently impacted by this error) 

Attachments