Habeo
Sign inSign upBook a demo

HabeoFeaturesDiscovery

Feature · Discovery · updated May 19, 2026

Discovery without an agent.

Habeo treats your MDM as the source of truth for hardware. No endpoint agent to ship through change management. No on-prem MID server to maintain. No three-month consulting engagement. The first sync runs minutes after the connector is authorized.

Book a demo Browse connectors
0
Endpoint agents
0
MID servers
1h
Default refresh cadence
<10m
From auth to first sync
Two ways to know what you have

Two postures. One of them doesn't need a rollout.

Agent-based discovery

Ship software to every endpoint.

Choose between an endpoint agent (Lansweeper Cloud, Snipe-IT collectors, ManageEngine probes) or an on-prem scanner (Lansweeper Classic, ServiceNow MID Server). Either way: roll out, maintain, troubleshoot.

Habeo MDM-native discovery

Read through the MDM you already run.

OAuth-authorize Jamf, Intune, and Google Admin. The connector polls hourly, refreshes on-demand, and inherits whatever enrollment posture your CISO already approved.

The three MDM connectors that ship live

Three connectors cover > 95% of the higher-ed fleet.

Apple, Windows, and ChromeOS — covered with native, OAuth-authorized connectors. No third-party broker. No middleware vendor.

Jamf Pro

Apple endpoints — Mac, iPad, Apple TV

Devices
28,304
Status
Live · 32s ago
Jamf Pro API · OAuth 2.0

Microsoft Intune

Windows + managed Android

Devices
14,118
Status
Live · 32s ago
Microsoft Graph · client-credentials

Google Workspace Admin

ChromeOS + managed mobile

Devices
5,795
Status
Live · 32s ago
Admin SDK · domain-wide delegation
What you actually see

The integrations console, on a normal Tuesday.

What lands in /assets

Twelve fields, ingested, normalized, queryable.

Every connector normalizes to the same higher-ed asset record. The raw MDM payload is preserved for audit; the canonical fields are searchable from the moment the sync completes.

Serial number
Asset tag (vendor)
Manufacturer · model
Operating system + version
FileVault / BitLocker state
Compliance posture
Primary user (MDM-attributed)
Hardware UUID · MAC
Last check-in time
Autopilot / DEP enrollment
Storage · RAM · processor
Battery cycle count (where exposed)
Beyond the MDM

What about everything else?

Lab instruments. Loaner carts. AV racks. The drawer of returned laptops. The discovery story doesn't end at the MDM perimeter.

BYOD / lab / AV — three on-ramps.

For devices that aren't and won't be in MDM: bulk CSV import with column mapping, Workday-driven phantom-record bootstrap during a JML event, or manual tag-and-enroll in /assets/new.

FERPA-safe primary-user attribution.

Habeo never copies student PII into MDM. Primary-user attribution back to Workday happens server-side at retrieval, so the MDM record stays minimal for the institutions that need it that way.

Audit trail on every connector sync.

Every poll, every on-demand refresh, every connector auth event is timestamped to the immutable audit log. When an auditor asks how a record arrived in Habeo, the answer is in /audit.

Frequently asked

Discovery, answered.

The questions we hear in every procurement review. Answered briefly, with the technical detail your CISO will ask for next.

Do we have to install anything on endpoints?
No. Habeo does not ship an endpoint agent. We read from the MDM you already run — Jamf Pro for Apple, Microsoft Intune for Windows / managed Android, and Google Workspace Admin SDK for ChromeOS and managed mobile. The first sync runs minutes after the MDM connector is authorized.
What about devices that aren't in MDM?
For unmanaged or BYOD assets — lab instruments, AV racks, network gear, the literal "drawer of returned laptops" — Habeo provides three on-ramps: bulk CSV import with column mapping, a Workday-driven phantom-record bootstrap during a JML event, and a manual tag-and-enroll flow in /assets/new. None require an agent.
How often does the feed refresh?
Every connector polls hourly by default; the Habeo Copilot can request an on-demand sync from any /assets row. Inventory fields, OS version, compliance state, FileVault / BitLocker status, primary user, and Autopilot enrollment metadata all flow through. Refresh latency is exposed on /settings/integrations/<connector>.
How is this different from Lansweeper's scanner?
Lansweeper's discovery is agent- or scanner-based: software lands on the endpoint, runs an inventory, and ships it up. That requires deploying an agent (Lansweeper Cloud) or running an on-prem scanner (Lansweeper Classic) — and either way, it duplicates the inventory the MDM is already keeping for you. Habeo reads through the MDM, so the discovery posture is exactly your MDM enrollment posture. No second agent, no second source-of-truth war.
How is this different from ServiceNow Discovery?
ServiceNow Discovery requires an on-prem MID Server, a scheduled discovery probe, and (usually) a consultant to write the patterns that map raw inventory back to CIs. Habeo doesn't ship a MID server — the MDM connector is OAuth-authorized and the data model is higher-ed-native out of the box.
Which MDM versions do you support?
Jamf Pro API on tenants 11.0+; Microsoft Graph for any Intune-enrolled tenant; Google Admin SDK with domain-wide delegation for any Workspace tenant on Business+ or Education. Older Jamf Classic-API endpoints are still passthrough-supported for fields the modern API doesn't expose. Full list in /partners.
Live in an afternoon

Bring a sandbox MDM tenant.

On the demo call we'll OAuth-connect a sandbox Jamf or Intune tenant and watch the first sync land in real time. 30 minutes, founder-led, no SDR triage.

Book a demo See MDM partners