Applying Group Policies to Systems Manager (MDM) Devices using Tags
Sentry Policies enable dynamic group policy applications in Security Appliances and Wireless networks based on clients' device posture or user information collected from Systems Manager MDM or Agent-enrolled endpoints.
Creating MDM Sentry Policies
- Configure a group policy (or policies) on the desired Security Appliance or Wireless network.
- Navigate to Network-wide > Configure > Group policies.
- Under the "Systems Manager Sentry Policies section", click Add a new group policy MDM scope.
- Select the Systems Manager network that contains the devices and tags to be used.
- Choose the Tag scope that determines how the specified Tags will be used. For more information, refer to the article on using tags in Systems Manager.
- Select any desired Tags that will be matched against. These can be manual or auto tags.
- Select the group policy that should be applied to devices matching the tag criteria.
- If additional policies need to be created, repeat steps 3-7 as needed.
- Click Save Changes.
Remember that policies are processed in descending order based on priority (leftmost column) and only apply to the first match. Thus, only the highest priority policy will be used if a device is within the scope of two or more policy mappings. To reorder the policies, drag the move icon (four-directional arrow) in the Actions column.
Deleting or Modifying Sentry Policies
To delete a Sentry policy:
- Click the X in the Actions column for the desired policy.
- Click Save Changes.
To modify a Sentry policy:
- Make any desired changes to any of the columns.
- Click Save Changes.