Frequently Asked Questions

These answers address common ambiguities and design decisions in AlloyScan that aren't always obvious from the product UI. For step-by-step instructions, see the relevant how-to or reference page; this page focuses on why the product behaves the way it does.

Why does my scan not reach the per-device detail I see in Inventory?

A Scan is the discovery phase: it collects basic device identification — NetBIOS, DNS, MAC, IP, and OS — and decides whether a host is reachable on the network. An Audit is the second phase, performed against a chosen device, and is the step that collects detailed hardware, software, and configuration data. A scan that ran successfully will not populate the device Audit tab on its own; an audit must follow. See Key Concepts for the full distinction.

What does "Audit source" on a device snapshot mean?

Each snapshot records the origin that produced it — Service, Agent, Import, or Manual. The value is shown on the device Audit tab and drives provenance in logs and reports. Use it when reconciling near-duplicate devices or when investigating why two snapshots disagree on a field.

Note: The full Audit source enum is finalising — confirm against your release.

Why are some devices showing as near-duplicates in Inventory?

The de-duplication algorithm matches each new audit snapshot to an existing device record. When it cannot uniquely link a snapshot — most often because the BIOS UUID is repeated by a vendor or generated identically across cloned VMs — a near-duplicate row appears with the same name but a different device UUID. Enabling the Windows MachineId fallback site setting mitigates the most common root cause. If you still see duplicates, support can reconcile given both Audit IDs.

When does the recharge day reset audit and API quotas?

Each instance has a single Recharge day (for example, the 27th of each month). On that day, the Audits per month and API transactions per month counters reset for every site on the instance. The Recharge day is shown on Admin Center > Site Settings > Limits and usage and on the global Admin Center > App management > Billing > Limits and usage page. Usage history is preserved on both pages.

Why does my API client see "API client alert" banners on every page?

The App registration backing your integration has expired. AlloyScan fires reminder notifications 30 days and 7 days before expiry; once the Expiration date passes, the persistent red API client alert banner appears on every page in the AlloyScan UI and tokens issued from that registration stop working. Renew or replace the registration at Admin Center > Site Settings > IAM > App registrations. See App Registrations Reference.

Does AlloyScan support multi-factor authentication?

Not as a native AlloyScan feature. If you sign in through Microsoft or Google SSO, any MFA enforced by that provider applies transparently. Treat MFA as an SSO-provider responsibility rather than an AlloyScan-configurable control. See About Authentication.

Why do some sites not show Security log, Change log, or SSO providers in Admin Center?

These menu entries can be disabled at the deployment level. If a surface is not enabled for the instance, the menu entry is not rendered at all. This is not a per-user RBAC effect; raising the user's role will not make the entry appear.

What happens to existing Change history when I turn Change tracking off?

New Change Events stop being recorded, but existing records remain until retention expires or a Global Administrator runs Purge change history. Toggling Change tracking off does not erase the past — it only stops the future.

How many audit schedules can a single device have?

Exactly one, or none. Assigning a new schedule to a device replaces the previous one. Coverage of many devices is achieved by attaching the schedule to a Segment, not by stacking multiple schedules on the same device.

What does "Inactive" mean for an Audit Service or Audit Agent, and when is it deleted?

Inactive means no heartbeat within the inactivity threshold. After roughly 30 further days without a heartbeat, the record transitions to ScheduledForDeletion; if the host comes back online during that window, the agent self-uninstalls; otherwise the record is deleted on its ExpirationDate by the RetiredAgentsAndServices background process.

Why do public docs list 3 notification categories while the UI shows 4?

The UI exposes four categories — Informational, Warning, Critical, and Conditional. Earlier public documentation described three. This is a known divergence; follow the four-category UI when authoring runbooks.

Related

• Glossary
• About AlloyScan
• Key Concepts
• App Registrations Reference