Skip to main content

Netskope Help


The Devices page focuses on monitoring the Client's status of all the devices in your tenant. You can export your entire device list to CSV file. To open the Devices page, go to Settings > Security Cloud Platform > Netskope Client > Devices.

Enable and Disable Device(s)

To enable or disable the Netskope client, or collect logs from a device, click the checkbox next to the hostname and click Enable or Disable. These buttons remain grayed out until you select a hostname.


Logs can only be collected from individual devices, but you can enable and disable the Netskope Client on multiple devices at one time.

Search Functionality

You can use the Search functionality to look for a specific device added in the tenant. To search for a device, enter the username in the search field. The search is not case-sensitive and you can get search results that are Like ~ or Equal = to the text entered in the text box.


The Devices page displays information based on the selected filter.

Default Filter

You can click FILTERS above the Search text box to select the default filter. The filters are either created by you or shared with you. The following are the default filters:

  • All Devices: Displays all devices within your tenant where the Netskope client is installed.

  • New Devices: Displays all devices with Netskope Client added within the last 24 hours. You can change the filter to search using options from the Last Event Time dropdown menu. For example, Last 7 days, Last 30 days, and so on.

  • Anonymous Devices: Displays devices where the the user has not logged after installing the Netskope client.

  • Disabled Devices: Displays devices where the Netskope client is disabled. Devices can end up in this state when an admin has taken through the admin console, or when an end user (if allowed) has client from the device.

  • Uninstalled Devices: Displays devices where the Netskope Client is uninstalled.

  • Installation Failure: Displays devices where the Netskope Client installation failed.

Custom Filter

To use custom filters, click +Add Filter and select a filter.  Enter text in the search field to display devices on the Devices webUI.


The following table refers to the filters that you can use to refine your search results:

Filter Option


Client Install Time

The time taken to install the client in a device.

Client Version

You can view devices tagged to a specific version.

Client Status

Filter devices according to the current client status.

Internet Security Status

Display devices with respect to the internet security status such as Enabled, Disabled, Errored, Fail Closed, and Backed Off.

Private Apps Access Status

Display devices with respect to the private app access status such as Enabled, Disabled, and Errored.

Endpoint DLP Status

Display devices with respect to the private app access status such as Enabled, Disabled, and Paused.

Last Event

Display those devices where the client last event posted was installed, enabled, or disabled by the admin or user.

Last Event Actor

Displays those devices where the events are created by user, admin, or system.

Last Event Service

Displays devices where the event service is either Internet Security or Private Apps Access.

User Source

Displays devices where the users are sourced from AD or local.

User Group

Displays devices where the users added in that device is also a part of the listed user groups.

User OU

Displays devices based on the organizational units.

Show Pre-logon Users

Displays devices where the Pre-logon users options are added or not.

Device Classification

Displays devices according to their status like managed, unmanaged, unknown, not configured.

Device OS Platform

Displays devices according to the operating system.

Client Configuration

You can configure system-wide settings using the Client Configuration dialog box.  Click Client Configurations displayed at the top right corner of the Devices page to open Client Configuration. To learn more, view Client Configuration.

Device Information

The following lists the various components to display the Device information on this page:

  • Hostname


    For Android and iOS devices, the device serial number is displayed as NA.

  • Device Classification

  • OS platform

  • Make

  • Model

  • Unique Device ID

  • Management ID

  • Serial Number

  • User (displays user email address)

  • User GroupOU

  • Client Installation Time

  • Client Version

  • Client Status

  • Internet Security Status

  • Private Apps Access Status

  • Endpoint DLP Status

  • Last Event Service

  • Last Event

  • Last Event Actor

  • Last Event Time

Additional Information

  • To display additional information such as Make, Model, Last Event Actor on the Devices webUI,  click Devices_DeviceInformation_Settings_104.png  displayed on the devices list table and select options according to your requirement.

  • If the device includes more than one user:

    • The Users column displays the total number of users.

    • The Internet Security Status, Private Apps Access Status columns displays Multiple Statuses and Last Event displays Multiple Events.

    • Click the hostname to select the user from the list of users added to that device.

  • Click the checkbox in the Hostname column to select all deployed devices. You can select only up to 10,000 devices at a time. If there are more than 10,000 devices, make your selection in batches.


For iOS devices, the hostname, model, version, and check-in are not shown, and only devices that are installed using MDM managed devices with the VPN profile with the Email listed.

View Device Details

To view the details of an individual device, select the hostname or click the ellipsis(...) and select View Details to open the device details page.


The device details page displays device, and client information. To view event history, group membership, or organization unit information, click the appropriate tab.

  • If Endpoint DLP is enabled, you can pause or resume the service from the detail view. The default pause time is 30 minutes.

Manage Client

The admin can control the user access to enable or disable the Client. The admin can select one of the following options:

  • Enable Traffic Steering - The admin enables Client for the selected device and restricts the user from disabling the Client.

  • Disable Traffic Steering - The admin disables Client for the selected device and restricts the user from enabling the Client.

Export Device Information

To export the contents in the Device UI to a CSV file, select the hostnames and click Export. The details displayed in the exported file depends on the options that you choose on the Export webUI. When there are multiple users added to a device and you choose Unique Devices in the Type field on the Export webUI, the CSV will only display the total number of users added to that device. To view each username added to a device, choose the option Devices and Users in the Type field.

Client Status

The following table lists various client statuses according to Internet Security and Private Access Apps services and their meaning. You can also query client status via the  Get Client Data REST API.

Internet Security Service Status








Via email invitation, distribution tool (i.e. SCCM, Altiris, JAMF etc)

Tunnel Up



'Auto' enabled just after install, upgrade or later

Tunnel Down



disabled - default startup state of client i.e. after installation/upgrade/restart

Tunnel down due to secure forwarder



'Auto' disabled due to Netskope Secure Forwarder found

Tunnel down due to GRE



'Auto' Disabled due to GRE

Tunnel down due to IPSec



'Auto' Disabled due to IPSec

Tunnel down due to Data Plane on-premises



'Auto' Disabled due to on-premises DP

Tunnel down due to config error



'Auto' disabled due to config errors/missing config

Tunnel down due to error in Modern Standby mode



Auto' disabled due to device in modern standby mode (AOAC)

Tunnel down due to error



'Auto' disabled due to (any other) error

Change in network



'Auto' disabled due to change in network

System shutdown



'Auto' disabled due to system restart/ power down

System powerup



'Auto' Tunnel status will be as per actual status

Enrollment Token Error



Displayed when an invalid enrollment authentication token is used

User Disabled



User disabled the client from the system tray

User Enabled



User enabled the client from the system tray

Admin Disabled



Tenant admin disabled the client from the system tray

Admin Enabled



Tenant admin enabled the client from the webUI




Uninstalled by end user, admin, SCCM admin etc

Installation Failure



Installation failed

Uninstallation Failure



Disabled  Failed to uninstall the Client

Upgrade Success



Client upgraded successfully

Upgrade Failure



Client failed to upgrade

Private Access Apps Status





Tunnel up



When device is connected to the NPA tunnel.

Tunnel down



  • Private access is not available.

  • No tunneling even after private access is available for the tenant.

  • User disables the Client for a tenant where NPA is available.

  • Admin disables the Client for a tenant where NPA is available.

  • NPA tunnel is disconnected due to error.