This article explains how Managed Service Providers (MSPs) can add and manage devices across multiple customer organizations in Trio. The Devices section within MSP mode enables centralized visibility and controlled enrollment into specific client tenants, while preserving organizational boundaries.
Overview
In Trio MSP, devices are always scoped to a specific organization (tenant). As an MSP administrator, you must first select the target organization before initiating enrollment. This ensures device ownership, policy assignment, and licensing are correctly applied at the tenant level.
From the Devices section, you can:
View all enrolled devices within the selected organization
Monitor device health and last seen status
Review OS version and serial number
Track enrollment date
Check assignment to end users
Add new devices to a specific organization
The device list provides operational visibility across platforms including macOS, iOS/iPadOS, and Windows.
Accessing the Devices Section
From the left navigation panel, click Devices.
If no organization is selected, you will see the onboarding view prompting you to add devices.
Click Add new (or Add from the top-right corner).
At this point, Trio requires you to select the organization where the device(s) will be enrolled.
Step 1: Select an Organization
When you click Add, the Select an organization panel appears.
This step defines the tenant boundary for device enrollment. Devices cannot exist outside an organization context in MSP mode.
The organization selection table includes:
Name – Organization legal or display name
Region – Hosting/data region (e.g., EU, US, UA)
Portal link – Tenant-specific management URL
Owner – Primary administrative contact
Trio license status – Active, Expired, or Renewal required
Important Considerations
Devices can only be added to organizations with an Active license.
If the license is expired or requires renewal, enrollment will not proceed.
Region determines data residency and compliance boundaries.
To select an organization:
Use the search bar or sorting filters if needed.
Review license status.
Click Select next to the desired organization.
Once selected, the system context switches to that tenant, and device enrollment options become available.
Step 2: Add Devices
After selecting an organization, you are redirected to the Devices view for that tenant.
From here:
Click + Add in the top-right corner.
Choose the enrollment method (platform-specific options may appear depending on configuration).
Although enrollment methods vary by platform, common approaches include:
Agent-based enrollment
Automated Device Enrollment (ADE/ABM for Apple)
QR-based or manual provisioning
Windows provisioning package
Email-based enrollment invitation
Each method registers the device with the Trio backend and associates it with the selected organization.
Understanding the Device List View
Once devices are enrolled, they appear in the Devices table with real-time status indicators.
Key columns include:
Name – Device hostname or assigned name
OS – Operating system and version
Serial number – Hardware identifier
Last seen – Most recent heartbeat timestamp
Assigned to – End user mapping
Enrollment date – Timestamp of initial registration
Status Indicators
🟢 Green dot – Device online
🔴 Red dot – Device offline or unreachable
Warning icon – Compliance or health issue
The device list supports sorting and filtering by:
Assigned user
Enrollment date
Platform
Name
This enables MSPs to manage large multi-tenant environments efficiently.
Device Assignment
Devices may be:
Assigned to a specific user
Left unassigned (shared device)
Reassigned later as needed
Assignment impacts:
Policy targeting
User-based restrictions
Reporting context
Security posture tracking
Best Practices for MSP Device Enrollment
Always verify license status before onboarding devices.
Confirm the correct organization context before adding devices.
Use naming conventions aligned with customer standards.
Assign devices to users immediately to ensure policy inheritance.
Monitor last seen timestamps to detect inactive or misconfigured endpoints.
Operational Model in MSP Mode
In MSP architecture:
Each organization operates as an isolated tenant.
Devices inherit policies from their assigned organization.
Logs, compliance rules, and configurations remain tenant-scoped.
MSP administrators operate across tenants but do not merge device inventories.
This separation ensures data isolation, regulatory compliance, and clean operational segmentation across customers.