Security policies in Systems Manager (SM) networks can be used to monitor a number of security-related items on enrolled clients. The resulting compliance information can then be used to generate scheduled reports or to control the deployment of profiles (using tags) to clients. This article walks through the configuration and use of security policies.
Note: Some security policy features are not available for Legacy SM users. Differences will be indicated where relevant.
If additional policies need to be configured, click Back to list and repeat from Step 2.
Note: Legacy SM users can only have one policy, which is only used for security reports. Thus it cannot be deleted. Instead, delete any undesired reports.
Once a security policy has been created, security reports can be used to automatically send compliance reports to configured administrators or e-mail addresses.
To delete a report, simply click the X in the Delete column next to the report. Then click Save Changes.
To control who should receive the scheduled reports, use the Delivery settings section of the Configure > Alerts page.
There are a few different ways to determine if a client is compliant with a security policy.
To check an individual client:
To check multiple clients:
Similar to other types of tags, security policy compliance can be used to dynamically control which client devices will receive a particular profile. Both "Compliant" and "Violating" tags will be available for each configured security policy in the Scope for a given profile.
The example image below shows the Scope for a profile containing VPN settings, which should only be pushed to devices that have the "vpn" tag and are compliant with the security policy indicated.
Note: This feature is not available for Legacy SM users.
Please review our documentation for more information on the application of tags and scoping.