Unapproved Devices
Unapproved devices are devices that have registered with a bridge, the bridge has notified UDM Pro of the registration, but the administrator has not yet approved the device to do anything more than simply register. Consider that the process of registering is asking permission to use the totality of services that the bridge and UDM Pro can offer.
Unapproved devices display the same type of information that an approved device would show.
Unapproved Devices are listed by the following columns:
- Media access control (MAC) address – the hexadecimal number that identifies a device on a network. MAC addresses (theoretically) are unique. Be assured that a given MAC address will be unique on your network
- Session initiation protocol uniform resource identifier (SIP URI) – a SIP URI, which resembles – and may be – your email address is used for applications to communicate with the device using TCP/IP
- IP Address – IP Address is the number assigned to a device on your network, and could be either IPv4 or IPv6. IP addresses are usually assigned using the dynamic host configuration protocol (DHCP) server or service on your network.
- User/Contact - user name or contact of the device
- Model – Lists the name of the phone model.
- Location – The defined physical location of the device if the Location is associated with a defined subnet configured in Locations
- Software – The version of software currently on the device.
- Last seen – Last time the device actively polled for updates or changes.
One item that is unique to unapproved devices that is not on proper devices is the action Approve. Approving a device is acknowledging that you know what the device is, where it is and that it is a known part of your phone infrastructure
Caution! Never approve devices that you do not know. The stance that you should take is that you cannot know if the you are approving is, in fact, a device that you trust. It might be a rogue phone (or a program emulating a phone) that someone has attached to your network. Approving the device might give the person the ability to improperly use your phone system for a wide variety of purposes that violate your policies, such as toll theft to mention only one.
Many environments use safeguards that are network-based. For example, the act of plugging in a phone without allowing communication beyond a network device (typically a switch) prevents the type of abuse vector that approval in UDM Pro is designed to prevent. In these cases, use of a feature in UDM Pro and common to phone provisioning, zero-touch approval (ZTA) is an option that reduces the administrative effort of manually approving new devices by allowing the system to accept and approve new devices automatically.