Skip to main content
Matrix42 Self-Service Help Center

Allow only pre-authorized devices to become managed

Pre-authorize Devices

The Hardware authentication in Silverback is a part of access control, which ensures that only pre-authorized devices are allowed to become a managed device, e.g. only corporate owned devices that are issued and are fixed assets of your organization. Within the Hardware Authentication section, you define the list of devices that are allowed to be fully managed in Silverback. To enforce the Hardware Authentication compliance, you need to configure additionally the Lockdown Policy Enforce Hardware Authentication within an Tag that will be applied to devices during or after the enrollment. Silverback will verify then the serial number and/or IMEI of the device against the pre-authorized list and only known devices will get to the managed status. Unknown devices will remain as blocked. Additionally, you can use the Hardware Authentication to predefine the device ownership, a label, and a visibility flag for each device.

Please note that not all management types allows you to get the Serial or IMEI number of your managed devices as these identifiers are marked as particularly sensitive data from the operating system vendors. The following management types are protecting this sensitive data: 

  • Android Legacy Management starting with Android 10 (due to the general deprecation of the legacy management)
  • Android Enterprise Work Profiles
  • Apple User Enrollment

In case you are using one of these management types, we recommend to enforce the Hardware Authentication only for corporate devices and ensure to flag devices with Work Profiles and User Enrollment with a Personal Ownership. 


Detail Example Description
Id e.g. 1 Database ID for the item
Serial Number e.g. F17M9VN8FFG8 Serial number of the device
IMEI e.g. 35303609258938 8 IMEI number of the device
Username e.g. Displays the associated user to this device when it is enrolled. 
  • Corporate
  • Personal
Displays the pre-defined ownership for this device and will overwrite whatever end users are choosing from Self Service Portal
Device Name e.g. Imagoverum-iPad-001 Displays the pre-assigned device name
Label e.g. Marketing Displays the currently associated Label
Visibility Flag e.g. Executive Board Displays the currently associated Visibility Flag
Edit Admin_Guide_SB_029.png Edit the selected device id
Remove Admin_Guide_SB_030.png Removes the selected device id

Add New Device ID

  • Open to your Silverback Management Console
  • Login as an Administrator
  • Navigate to Admin
  • Select Hardware Authentication
  • Press New Device IDs
  • Enter the Serial Number and/or an IMEI number of your device
  • Enable the Pre-Assign Ownership checkbox and select the Ownership
  • Configure additional options and press save

Either Serial or IMEI is required, but one must exist. It’s also allowed to populate both serial and IMEI, but this will match either or (i.e. it will not make sure the device matches both values, it will find the first match and allow this).

Setting Options Example Description
Serial Number Enter Serial Number e.g. F17M9VN8FFG8 Serial number of the device you want to detect
IMEI Enter IMEI e.g. 353036092589388 IMEI number of the device you want to detect
Pre-Assign Device Name Enabled or Disabled e.g. Imagoverum-iPad-001

If enabled, the Device Name column in the CSV will be used to populate the device name value for this serial number. 

Supported for iOS supervised devices

Pre-Assign Ownership Enabled or Disabled Corporate or Personal If enabled, the console user can select the Ownership that will be assigned to the imported devices, either Corporate or Personal. It will overwrite whatever end users are choosing from Self Service Portal
Pre-Assign Label Enabled or Disabled e.g. Marketing If enabled, the Label will be populated to this serial device
Pre-Assign Visibility Flag Enabled or Disable e.g. Executive Board If enabled, the Visibility Flag will be populated to this serial device

Bulk Import Device IDs

Besides adding a single Device ID to the Hardware Authentication, you can use the Bulk Import option to upload a *.csv file containing all of your assets.

Create your *.csv file

  • Download the example file:  Hardware Authentication.csv
  • Open the Example File with an editor (e.g. Notepad++)
  • Review the additional notes and create a list with your devices

Review Additional Notes

  • The Hardware Authentication *.csv file needs to be created in the following format: Serial Number,Label,Device Name,Visibility Flag,IMEI
  • Either Serial or IMEI is required, but one must exist
  • Our recommendation is to use Serial Number as criteria 
  • Create for any Device Platform (iOS, Android) separated *.csv files
  • For all other then iOS, keep the *.csv  format, enter a dummy Device Name and do not Enable Pre-Assign Device Name

iOS example:

F9FWFJD4JF85,Frankfurt,Tim Tobers iPad,Executive Board,353036092589388
F17M9VN8FFG8,Frankfurt,Tim Tobers iPhone,Executive Board
F9FWFJD4JF86,New York,Maria Millers iPad,Executive Board
F17M9VN8FFG9,New York,Maria Millers iPhone,Executive Board
F9FWFJD4JF81,London,Vincent Valentines iPad,Executive Board,353036092589389

Android example: 

02503a0759313c6b,Frankfurt,Android,Executive Board
00cebf02959bc196,New York,Android,Executive Board

Bulk Import Device IDs

  • Click Bulk Import
  • Click Choose File
  • Select your *.csv file 
  • Click Open
  • Enable Pre-Assign Device Name (optional)

Silverback System Variables are not supported

  • Enable Pre-Assign Ownership (optional)
  • Enable Pre-Assign Label (optional)
  • Enable Pre-Assign Visibility Flag (optional)
  • Click Save

Enforce Hardware Authentication 

To enforce the Hardware Authentication compliance, you need to configure the Lockdown Policy Enforce Hardware Authentication within an Tag that will be applied to devices during or after the enrollment. You can decide which action (Lock, Block, Delete Business Data or Factory Wipe) should be executed, when a non listed hardware authentication device will be enrolled to Silverback and if Administrators should receive a warning about a detected policy violation. 


Additional Notes

Silverback will display a Policy Violation in the Device Overview for devices that are not present in the Hardware Authentication. From here you add either the Serial Number, the IMEI number or both values to the Hardware Authentication list.  clipboard_e97374a073db9571e4bdb515ca60175a8.png
Administrators that have enabled the Receive Email Alerts option will receive the following notification clipboard_e255688056b4a9536dec8318f575f3947.png
By executing the Delete Business Data operation, you will receive the following question for devices that are part of the Hardware Authentication. By selecting yes, the device will be removed from the Hardware Authentication list. S,o if the device will leave you company, you will probably select yes. clipboard_e337ff9654f9897ead5b95c5210ce5da3.png