Applying Group Policies to Systems Manager (MDM) Devices using Tags
Group policies on Security Appliance and Wireless networks can be automatically applied to Systems Manager MDM clients based on available tags. This allows even the network's treatment of a device to be handled from within the MDM platform.
Creating MDM Sentry Policies
- Configure a group policy (or policies) on the desired Security Appliance or Wireless network.
- Navigate to Network-wide > Configure > Sentry policies.
- Click Add a new group policy MDM scope.
- Select the Systems Manager network that contains that devices and tags to be used.
- Choose the Tag scope that determines how the specified Tags will be used. For more information, refer to the article on using tags in Systems Manager.
- Select any desired Tags that will be matched against. These can be manual or auto tags.
- Select the Policy which should be applied to devices matching these criteria.
- If additional policies need to be created, repeat steps 3-7 as needed.
- Click Save Changes.
Keep in mind that policies are processed in descending order and only apply the first match. Thus if a device is within scope for two policy mappings, only the first will be used. To reorder the policies, simply drag the move icon (four directional arrow) in the Actions column.
Deleting or Modifying Sentry Policies
To delete a Sentry policy:
- Click the X in the Actions column for the desired policy.
- Click Save Changes.
To modify a Sentry policy:
- Make any desired changes to any of the columns.
- Click Save Changes.