What JumpCloud Policies Should I Enable?

Written by Brandon White on September 2, 2020


Options are great. Decision fatigue is not. That’s why we’re breaking down the must-have JumpCloud policies to make it easy to get started.

JumpCloud®’s GPO-like policy library is extensive, and it comes with the ability to write any custom command or script and execute it across your fleet of systems. This ensures that, no matter what your organization’s priorities are, we can help you deliver on your IT needs. It also means that we often get the question, “What JumpCloud policies should I enable?”

Of course, you should ultimately select policies with your organization’s unique circumstances in mind. But as you determine what exactly that means for your teams, we can give some suggestions to get you set up.

JumpCloud’s policies apply across Windows®, macOS®, and Linux® systems. Plus, we enable IT administrators and managed service providers (MSPs) to develop custom configurations and settings based on their needs. Let’s break it down so you can decide what’s best for your organization from the comprehensive list.

Getting Started With JumpCloud Policies

Essentially, policies provide administrators the capability to set security features or apply uniform configurations across fleets of systems. 

First and foremost, we recommend starting from a security perspective. Once a system has been secured, it can be optimized for performance and usability. 

Insider’s look: A core tenet of JumpCloud is its ability to secure identities and systems alike. As you explore all of the policy options, you’ll notice that many relate directly to this objective.

As a first pass, JumpCloud’s recommendation — without the benefit of understanding the specific environment — is to enable the following policies:

Multi-Factor Authentication

One of the most significant steps that an IT organization can take to step up security is adding multi-factor authentication (MFA).

By using MFA, admins create multiple layers of security. It’s effective because the authentication factors are independent of one another, meaning that compromising one doesn’t compromise the other.

Although it’s not technically a “policy” in JumpCloud parlance, MFA is so critical that we pull it out as an organization-wide setting. Our belief is that two-factor authentication is one of the most valuable security mechanisms an IT organization can enable. You get MFA included for free with your JumpCloud account, across systems, applications, and even VPN networks.

Full Disk Encryption

At a high level, full disk encryption (FDE) improves hard drive security. With FDE, a computer’s data is encrypted while the machine is powered off. This ensures that stolen devices don’t result in security breaches.

With JumpCloud’s policy, IT admins can enable FDE for their entire fleet, plus automate the enforcement of FDE on new employees’ systems. A key issue with FDE is the secure storage of recovery keys. JumpCloud enforces the creation, management, and secure storage of individual recovery keys per user and machine. 

Screen Saver Lock

As the name suggests, a screen saver lock allows admins to preset the amount of time that a system can remain idle before it locks. Once the screen locks, the user must log in with their credentials to access the system. This can be even more critical in remote work situations where third parties are able to access a corporate-owned machine.

Enable Patches and Updates

JumpCloud’s system updates policies institute a configurable deferment period between when an update is released and when it is applied to an organization’s fleet.

This policy allows admins to select how many days to defer updates on macOS. For Windows systems, the policy allows for even more customization: IT admins can specify the time, day of the week, and frequency of updates.

Disable Guest Accounts

The disable guest account policy ensures that only authorized users can access the machine by removing guest access.

With this policy, IT admins are able to make changes directly to a system’s native settings. Admins can then deploy these policies remotely across their entire fleets.

There are, of course, dozens of other policies that could be applicable to a network, but we have centered on ones that are more related to security. Other policies that JumpCloud enables are available here. If you have a suggestion for a policy, we’d love to hear from you.

Want to Build Your Own?

If for some reason a policy isn’t available and you want to get started on it before JumpCloud can, we offer three mechanisms to develop the capability yourself. 

1. Command Runner Functionality

Our command runner functionality enables you to write commands or scripts that can be executed on machines or groups of machines using any language that can be understood by your target system(s).

2. For Windows: Custom Registry Key Policies 

The second approach, which is directed at Windows machines, is to leverage our custom registry key policy, which lets you configure virtually any setting on the system.

3. For macOS: Custom Profile Functionality

Finally, you can use our custom profile functionality through Apple MDM protocols to completely customize your macOS device and fleet.

Ready to Get Started?

With off-the-shelf policies from JumpCloud and the ability to take custom actions on each of your machines, your IT organization will have full control over your fleet of systems.


Not a customer yet? Sign up for a JumpCloud Free account. You can add up to 10 users and 10 systems to start testing these policies and more. If you need more help, you have 24×7 in-app chat support available to you for the first 10 days of your free account.

Brandon White

Brandon is an enthusiast, solutionist, and JumpCloud’s Technical Evangelist, active in journalism and IT in cities across the US for over 25 years. Pick his brain on Slack in the JumpCloud Lounge: http://ow.ly/seTs30qO7WX
