Support

MPA Tools use Cryptlex for secure licensing.

To activate and verify a license or a trial, outbound communication is required between MPA Tools and Cryptlex servers.

If you have an outbound Firewall rule in place, you need to whitelist the Cryptlex API

Firewall whitelisting

Whitelist the IP addresses below.

• 52.223.22.71
• 35.71.188.31

Alternatively, you can also whitelist the Cryptlex Web API URL:

https://api.cryptlex.com:443

Proxy

MPA Tools automatically detects the proxy settings of the machine. In some cases, you may need to configure the proxy setting manually.

Following are some examples of valid proxy strings

http://127.0.0.1:8000/

http://user:pass@127.0.0.1:8000/

socks5://127.0.0.1:8000/

To configure Proxy settings, go to the MPA Tools Settings menu and add your proxy configurations as per example above.

With MPA Tools, you can remotely manage one or multiple domain computers. Below we listed everything you need to configure your environment.

1. Access

• Read access to Active Directory to read AD attributes of a computer object, such as OS, when a computer was created, etc. (in most cases, all users have read access to computer object attributes in AD,  and usually no specific access configurations are needed)
• Optional: Delegated permissions to computer objects in AD if you want to use MPA Tools to delete, move or update computer objects in AD
• Local Administrator permissions on a remote computer

2. Firewall

When you start managing computers in MPA Tools, the first action you take is to PING or DISPLAY computer(s).

• DISPLAY computer uses LDAP/Graph API query(if AAD settings are configured) to query device information such as Operating System, etc. For the LDAP queries to work, you want to ensure you have allowed LDAP ports for querying from a computer with MPA Tools installed.
• PING as DISPLAY option uses LDAP plus, but additionally, it sends Internet Control Message Protocol (ICMP) Echo Request to a specified interface on the network and waits for a reply. For PING to work, you need to allow ICMP inbound traffic through Firewall on remote computers (This is optional if you are not planning to Ping computers)

When accessing the domain joined remote computer, the MPA Tools uses WMI to access computer information remotely.

For that, you need to open Inbound RPC port 135, and additionally, you may need to open a dynamic RPC port range (49152-65535)

Configure the above Firewall settings with GPO.

3. Main Configurations

MPA Tools has excellent flexibility regarding configurations and tuning the application to your liking.

1. “Load AD device stats on Main page” – Enable/Disable loading AD device stats. MPA Tools purely uses LDAP to collect the information. Data is loading on a background on a separate thread and does not prevent the user from taking any actions within the application.             

2. “Load AAD device stats on Main page” – Enable/Disable loading Azure AD device stats. Must have Tenant configurations in place for this option to be available. This workload, as the above AD device collection workload, runs in the background and uses MS Graph API to collect the data

3. “Load MECM device stats on Main page” – Enable/Disable loading MECM/SCCM device/SCCM client stats. Background workload that connects directly to the SMS Provider to get the data. For this configuration to work, all SCCM configurations, such as Site Server name, etc., must be in place.

4. “Always Display Computers, don’t Ping then” – Enabled by default, allows user to select whether to Ping computers by default or Display

4.1 “Automatically open Computer Properties with pinging or Displaying [number] or less Computer(s)” – By default, the setting is set to 1, meaning when Pingin or Displaying one computer Computer Properties tab is opened, data will start loading. Set to 0(Zero) if you do not want to open Computer Properties; you can always open Computer Properties later by double-clicking on a computer object. Setting the setting to 3, for example, will open Computer Properties on all three computers at the same time.

5. “Start with continuous ping if number of computers is less than or equals [number]” – By default, the setting is set to 1, meaning when you PING computers, if the amount of computers you are pinging is 1, then the ping will be continuous by default. For example, changing the setting value to 4 will PING 4 or fewer computers every time you PING 4 computers.

5.1 “Default Ping period [number] seconds” – How often to ping computer(s) if computers are being pinged continuously. The default value is 10 seconds

5.2 “Prefer IPv4” – When pinging remote computers, always prefer IPv4. The default setting is IPv4. If IPv4 is selected, IPv6 IP addresses will be ignored entirely (This does not apply to data collected from SCCM or Intune).

5.3 “Reverse DNS IP lookup” – When pinging a computer by computer name, the IP address is resolved from DNS; however, reverse IP lookup could preset different results and help surface DNS issues. This setting is enabled by default. Consider turning off this setting to improve performance when working simultaneously with more than thirty computers.

4. Computer Properties Configurations

MPA Tools Computer Properties relies on a “line-of-sight” connection between Computer where MPA Tools is installed and the remote computer(s) the administrator is planning to manage. In the majority of cases, Computer Properties will be displayed for Domain, Hybrid AD, or WORKGROUP joined computers. If a remote computer is, for example, Azure AD joined, Computers Properties will not be displayed; instead, Intune Computer Properties will be opened.

1. “Domain Name” – Detected on the first run of MPA Tools. You can change this setting to a different Domain name, but make sure that you run MPA Tools as a user that has all the necessary access to that domain.

2. “Timeout when connecting to remote computer [60] seconds” – When connecting to a remote computer, how long to wait until abandoning the connection. In some cases, with remote computers that have very high latency, consider increasing this setting.

3. “Data Collection Timeout [60] seconds” – How long to wait before interrupting data collection. This setting applies to the Computer Properties page data, such as the Last Restart time or Reboot pending. Increase if you have a longer time connecting to a remote device.

4. “Properties Refresh every [60] seconds” – How often to refresh data on the Computer Properties page. One thing to note is that some configurations, such as “Applied GPOs” or “Load Installed Apps” do not respect this setting and, once loaded, have to be refreshed manually. 

5. “Properties Refresh count [200] times” – How many times to refresh the Computer Properties page before pausing. For example, the Computer Properties page refreshes every minute and will take 200 minutes before the last refresh. After that, a single manual refresh will restart the count. This is done to prevent unnecessary data collection from a remote computer when the administrator “walked away.”

6. “Options when Property Page loads” – Allows a user to configure which components to load when the Computer Properties page is loaded. Once unselected, the property will not be visible on the Computer Property page.

MPA Tools lets you quickly connect to Microsoft Graph and manage Azure AD and Intune devices.

Note: MPA Tools has its own Microsoft-verified Azure Enterprise application that allows you to connect to Graph API and access the requested resources; however, you can use other existing Azure apps, such as Intune Powershell app, or configure your own.

1. Access

Intune Administrator role is sufficient for an Administrator to perform all the Intune actions in MPA Tools.

Some actions or information on the Intune Properties page may not be available or enabled if you use custom roles.

2. Configurations

When you launch an application for the first time, MPA Tools will check if a device is running on Azure Ad or Hybrid AD joined, and based on that, will configure the Tenant ID. Tenant ID can always be changed later if needed.

If Tenant ID is configured, the application will ask for the MPA Tools enterprise application consent so that you can access the required resources.

You can Grant consent for an organization or a single user.

If configured to “Automatically connect to Azure AD when application starts, “ MPA Tools will default to use the account it is running under and try to sign in to Azure AD with that account. Sometimes you may need to use another Azure AD admin account just for using Azure/Intune components of MPA Tools; in that case, you can select “Always ask to select account” so that every time the application starts, you will be prompted to select an account.

AAD device properties refresh time setting configures how often to refresh the Intune Properties page. In other words, how often to query Graph API for computer properties, such as device operating system, hardware properties, etc.

5 to 15 min is the recommended setting.

“Do Not Connect to Azure Intune to Collect Property values when Opening Computer Properties” – This setting allows an administrator to connect to Azure AD on the app start but will not automatically connect and query to Graph API when opening up Computer Properties.

“Do Not Collect Properties from Azure AD and Intune on Server OS’s” – MPA Tools will completely ignore any information from Azure AD, Defender 365, or Intune on server OS’s if this setting is selected.

Following settings allows an administrator to control what gets loaded on the Intune Properties page when accessed.

Administering computers in Workgroup with MPA Tools is a very straightforward process.

A few simple steps are required to be configured manually on remote computers.

1. Common Workgroup name – make sure that all computers are in the workgroup with the same name (example: WORKGROUP)

2. Same local administrator account exists on all computers. For example, if you are running MPA Tools as a user called “Admin,” make sure that “Admin” exists on all remote computers and has local administrator rights (member of the Local Administrators group).

3. Make sure that the “Private network” firewall on All remote computers allows remote administration traffic as well as ICMP (Ping) traffic.

Note that you can configure remote administration by Local Policy or the registry.

After all, the steps are completed, you can start managing devices.

One quick way to understand what is on your network is to Ping devices on your subnet.

You can easily configure MPA Tools to work with its own database. Even though it is not a hard requirement and MPA Tools functions without a database on its own. Sometimes it is great to have an additional source of data when an endpoint is not online, for example, or information about a device is missing from other databases, such as Active Directory or SCCM. If you are using MPA Tools to support just WORKGROUP computers, you most likely need MPA Tools to have its own database attached.

How does it work? 

Pretty simple: When MPA Tools connects to a remote computer, it pulls data about the computer from multiple sources.

For example, it pulls data from the SCCM database, Active Directory, Intune, Azure AD, and of course, directly from the remote computer.

Depending on which source of data for a specific item is newer, that data is displayed and, at the same time, saved to the MPA Tools DB.

It all starts with Computer Properties Refresh time; it does not only represent the last time the data was collected from a remote computer but also shows when the BD record was updated.

Let’s take, for example, OS Patch numbers. Imagine a scenario where you connect to a remote server, and it is offline.

MPA Tools pulls information about this server from multiple services, for example, the SCCM database.

If the MPA Tools record is newer than the record in the SCCM Inventory, the MPA Tools record will be displayed on the Computer Properties page.

However, you can still query SCCM Device properties and see what SCCM is reporting about the OS Patch numbers. The same goes for the directories, Such as AD, AAD, and Intune.

How to configure it?

MPA Tools database can be on the local computer, and every administrator can have their own copy or the database can be centralized and hosted on an SQL server with its own instance.

1. Configure a SQL Express locally, or if you have an instance already configured, you can use it too.

2. Get a Connection string, in my case, it is COMPUTERNAME\SQLEXPRESS (Fully qualified instance name)

Note: If you connecting to an existing Database, you just need to provide the SQL Connection string and Click the “Connect to Instance” button.

3. For the new MPA Tools database. Select File locations, which can be shared or network paths.

Click on the “Create Database” button

Confirm the locations of the files, and click Yes

MPA Tools will configure all the necessary components and will connect to the Database automatically

End User License Agreement                          Privacy Policy