This is how the unmanaged detector works:
The machine assigned as the "Unmanaged Detector" collects the MAC addresses of all the computers in its subnet (by capturing the MAC addresses in the broadcasts done by other computers in the network, or when a computer directly communicates with the machine that is acting as the unanaged detector).
The list of MAC addresses collected by the above process is sent to the SEPM.
SEPM tries to match those MAC addresses one by one with the MAC addresses of the client that are already registered with SEPM (and has an entry in SEPM already). If a MAC address is already associated with a registered client in SEPM, it is ignored. If a MAC address (in the list) is not associated with any of the registered client in SEPM, the MAC address is termed as "Unknown" and the machine name of that MAC address is termed as "Unmanaged" client.
In the above process, for the Unmanaged detected to work, the assigned client need to collect the MAC addresses of the rest of the clients in the network from broadcasts sent by them. If broadcasting is blocked in hostlevel, then the unmanaged detector may not work. In such cases, assigning a local server with which all the clients will connect may help.