Use JumpCloud policies to remotely manage devices in your organization, customizing managed devices and keeping them secure and compliant. You can save time by creating JumpCloud policies to remotely apply a set of rules to one managed device, a group of devices, or your entire fleet.
Importance of User Context in Device Management
Mobile Device Management (MDM), along with the tooling that has evolved from it, provides frameworks for enforcing organizational rules on how end users use devices and access corporate data. A core aspect of this enforcement is the ability to assign policies and configuration profiles. The target of these assignments, either the device itself or the user operating it, fundamentally changes how management is applied and experienced.
User-Based and Device-Based Policy Assignment
The distinction between user-based and device-based policy assignment is central to modern endpoint management:
- Device-Based Assignment: Applies universally to the hardware, regardless of the active user. Tied to the device's identity, this approach modifies system-wide configurations. It is ideal for baseline security, device-specific features (like BIOS), and shared environments such as kiosks or lab computers.
- User-Based Assignment: Tied to a user's identity via a directory service. These policies "follow" the user across enrolled devices. Because this method affects the specific user profile rather than the whole machine, it is essential for delivering personalized experiences, role-based access, and managing BYOD scenarios.
After a policy takes effect, you can view a policy's status or review the log file to determine if the policy requires additional changes. After you apply a policy, the JumpCloud agent on an individual device continuously compares the local policy with the policies you set in JumpCloud. If a user modifies the device policy, JumpCloud automatically modifies the device's policy to comply with the JumpCloud policy. This process ensures that JumpCloud policies and local devices are kept in sync. JumpCloud policies do not support non-English locales.
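The following added example is a simplified model of the two assignment types and of the compare-and-correct behavior described above. It is not JumpCloud agent code; the policy names, setting keys, device ID, and user names are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    scope: str       # "device" = system-wide, "user" = per-user profile
    settings: dict   # setting key -> required value (keys are constructed)

# Constructed sample data, not real JumpCloud policy names or setting keys.
POLICIES = [
    Policy("help-hardening", "device", {"help.restrict_program_launch": True}),
    Policy("finance-role", "user", {"profile.app_catalog": "finance"}),
]
DEVICE_BINDINGS = {"lab-pc-01": {"help-hardening"}}
USER_BINDINGS = {"alice": {"finance-role"}}

def desired_state(device_id, active_user):
    """Required settings for one device and whoever is logged in to it."""
    desired = {"device": {}, "user": {}}
    for p in POLICIES:
        if p.scope == "device" and p.name in DEVICE_BINDINGS.get(device_id, ()):
            desired["device"].update(p.settings)   # applies to any user
        elif p.scope == "user" and p.name in USER_BINDINGS.get(active_user, ()):
            desired["user"].update(p.settings)     # follows the user
    return desired

def reconcile(local, desired):
    """Revert local settings that differ from the desired state.

    Returns (scope, key, found, enforced) for every drifted setting.
    """
    drift = []
    for scope, settings in desired.items():
        for key, want in settings.items():
            have = local.setdefault(scope, {}).get(key)
            if have != want:
                drift.append((scope, key, have, want))
                local[scope][key] = want
    return drift

if __name__ == "__main__":
    # A local user has switched the Help restriction off on a shared lab PC.
    local = {"device": {"help.restrict_program_launch": False}, "user": {}}
    for change in reconcile(local, desired_state("lab-pc-01", "alice")):
        print("drift reverted:", change)
```

A second `reconcile` call on the same state returns an empty list, which is the in-sync condition the paragraph above describes.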
Applying policies lets you customize these types of managed devices and make them more secure:
- Windows
- macOS
- iOS and iPadOS
- Linux
- Android
Some policies you create provide a list of options for you to specify, enable, or disable. For example, when you create a policy for Windows devices to control the use of Help, you can configure the following settings:
- Restrict potentially unsafe HTML Help functions to specific folders
- Restrict programs from being launched from Help
- Turn off Data Execution Prevention for HTML Help Executable
If you want to implement zero trust security, a conditional access policy secures access to resources based on conditions by user or user group. See Get Started: Conditional Access Policies.