Getting started with Device Usage policies
Device Usage policies control the collection of device usage information from your devices. Device usage is based on the following activity:
-
User authentication events:
- Login: A user logged in to the device, either directly or remotely, by entering their username and password on the login screen.
- Logout: A user or system logged out of the device and all applications are closed.
- Unlock: A user unlocked the device, either directly or remotely, by dismissing the Lock screen (if applicable) and entering their password on the login screen.
- Lock: A user or system locked the device. The user is still logged in to the device and open applications are still running, but a username and password is required to unlock the device.
- Sleep: A user or system put the device in sleep mode. The user is still logged in to the device, but all actions are paused.
- Wake: A user or system wakes the device up from sleep mode.
- Shutdown: A user or system restarts or turns off the device.
Login and Unlock are the only events that apply to Chromebook devices.
Depending on the device's operating system, power settings, and the method used to power off the device, you may see different events. For example, when you restart a Windows device and unlock it with a password, Logout, Shutdown, and Unlock events are recorded. When you restart a Mac device and unlock it with a password, Shutdown and Login events are recorded.
When the device is restarted using a hard reset (the power button is held down to restart the device), only a Login event is recorded.
-
Device Activity: the amount of time the device is actively in use
Depending on the page you're viewing, activity may be presented as minutes of activity over a 24-hour period, or average daily usage The daily usage of a device, averaged over the 30 days prior to the most recent agent check-in and expressed in total hours and minutes. Note that any days with no usage are not included in the calculation. Applies only to Windows, Mac, and Chromebook devices with an activated Device Usage policy..
A Windows or Mac device is deemed to be in use if it is unlocked. Activity ceases when the screensaver shows, the monitor is powered off, or the device is locked or shut down.
A Chromebook device is deemed to be in use if the display is active (not dimmed). Activity ceases when the display is dimmed, or the device is sleeping, locked, or shut down.
Note that if a device shuts down unexpectedly, the most recent activity is saved.
Activate the Device Usage policy if you want to view a report of the devices that were in use during a given time period. For example, a school district may want to see how many of the Mac devices issued to a particular school were used in the past six months. They can also compare device usage across multiple schools in their district.

Note that to capture the SSID and BSSID information associated with a user authentication event, Location services need to be enabled on the device. For more information, see Windows or Mac documentation.

The Device Usage Reporting (DUR) component of the Secure Endpoint Agent is responsible for collecting user events and device activity on your devices.
When you activate a Device Usage policy, the DUR component A lightweight software component of the Secure Endpoint Agent that detects the usage of a device by capturing user authentication events performed on the device by a user. It also captures minutes of activity. The DUR component is deployed on a device only when the device is associated with a policy group in which the Device Usage policy is activated. is activated on each device after the next successful agent connection to the Absolute Monitoring Center. Going forward, the component logs a device usage event each time a user logs in to or unlocks the device. It also detects the number of minutes per hour the device is actively in use.
By default, device usage information is encrypted and uploaded to the database once a day (00:00) using a secure connection.
The DUR component also collects the following device information associated with each user authentication event:
- Event Type and Event Time
- IP addresses
-
SSID and BSSID (Windows and Mac devices only)
If Location services are not enabled on the device, this information is not collected.
- Default Gateway
- Domain
- Active Directory organizational unit
- Username
Depending on the device's operating system, power settings, activity type, and the method used to power off the device, some information may not be available. When this happens, No data appears in the Secure Endpoint Console console, and the field is empty when you export the data.
Some device information is not available for Chromebook devices.

By default, the Global Policy Group includes a preconfigured Device Usage policy, which is set to Inactive. Although you can activate the policy in the Global Policy Group, best practice is to create custom policy groups and activate each policy group's Device Usage policy, as required.

After you activate a Device Usage policy, the agent begins to collect device usage information from the devices associated with the applicable policy group. You can view the collected information by creating a Device Analytics report using the report type, Device Usage. You can also view detailed usage event information on a device's Device Details Usage page. To see device usage information at a glance, view the Device Usage widget on the Home dashboard.
Data is available for device activity that occurred after the activation date of the Device Usage policy. Also, you need to wait at least a few days after activating the policy before you can see any device usage information in the Secure Endpoint Console. Device usage data is retained in the system for one year.