Get Started: Policies

Use JumpCloud policies to remotely manage devices in your organization, customizing managed devices and keeping them secure and compliant. You can save time by creating JumpCloud policies to remotely apply a set of rules to one managed device, a group of devices, or your entire fleet.

Understanding Policy Assignment Scopes

Assigning policies and configuration profiles is a core part of enforcing rules for how users access corporate data and use their devices. You can target these assignments at the device level (how JumpCloud policies traditionally worked) or at the specific user operating the device.

Defining User Level vs. Device Level Policy Assignment

The distinction between these two assignments is central to modern endpoint management:

  • Device-Based Assignment: Applies universally to the hardware, regardless of the active user. Tied to the device's identity, this approach modifies system-wide configurations. It is ideal for baseline security, device-specific features (like BIOS), and shared environments such as kiosks or lab computers.
  • User-Based Assignment: Tied to a user's identity via a directory service. These policies "follow" the user across enrolled devices. Because this method affects the specific user profile rather than the whole machine, it is essential for delivering personalized experiences, role-based access, and managing BYOD scenarios.

Use Cases and Benefits of User Level Policies 

Targeting policies based on user context unlocks several critical capabilities:

  • Shared Device Management: Delivers distinct configurations and access levels depending on the logged-in user (e.g., Apple's Shared iPad or Windows multi-user setups).
  • BYOD Enablement: Secures corporate data without managing personal devices. IT can apply App Protection Policies (MAM) or work-specific profiles directly to the user's managed context, leaving personal data untouched.
  • Personalization and Productivity: Provides a consistent experience by delivering user-specific apps, drive mappings, and settings, regardless of the corporate device being used.
  • Role-Based Access Control: Grants access to resources (apps, VPNs, Wi-Fi) or enforces restrictions based on a user's specific role, department, or group membership.

Managing Device and User Level Policies in JumpCloud

As an IT Admin, you can also add multiple policies to a new policy group and assign that policy group to a device group. A policy group saves you time by letting you efficiently implement security or compliance-related measures across a large number of managed devices. As a best practice, you should create OS-specific policies.

After a policy takes effect, you can view a policy's status or review the log file to determine if the policy requires additional changes. After you apply a policy, the JumpCloud agent on an individual device continuously compares the local policy with the policies you set in JumpCloud. If a user modifies the device policy, JumpCloud automatically modifies the device's policy to comply with the JumpCloud policy. This process ensures that JumpCloud policies and local devices are kept in sync. JumpCloud policies do not support non-English locales.

Applying policies lets you customize these types of managed devices and make them more secure: 

  • Windows
  • macOS
  • iOS and iPadOS
  • Linux
  • Android

Some policies you create provide a list of options for you to specify, enable, or disable. For example, when you create a policy for Windows devices to control the use of Help, you can configure the following settings:

  • Restrict potentially unsafe HTML Help functions to specific folders 
  • Restrict programs from being launched from Help 
  • Turn off Data Execution Prevention for HTML Help Executable
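
An added conceptual model, not JumpCloud's agent code or API: it resolves which policies apply to a device and its logged-in user under the two assignment scopes, then performs the compare-and-restore step described above. Policy names, group names and setting keys are hypothetical; two keys are modelled on the Windows Help options just listed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    os: str
    scope: str          # "device" (system-wide) or "user" (logged-in profile)
    targets: frozenset  # device groups or user groups, depending on scope
    settings: tuple     # ((key, desired_value), ...)

def effective_policies(policies, device_os, device_groups, user_groups):
    """Policies that apply to this device with this user logged in."""
    scope_groups = {"device": device_groups, "user": user_groups}
    return [p for p in policies
            if p.os == device_os and p.targets & scope_groups[p.scope]]

def reconcile(local, policies):
    """Restore drifted settings; return (policy, key, found, restored) events."""
    events = []
    for p in policies:
        store = local[p.scope]  # device-wide store or current user's profile
        for key, want in p.settings:
            found = store.get(key)
            if found != want:
                store[key] = want
                events.append((p.name, key, found, want))
    return events

# Constructed sample data: every name and key below is hypothetical.
POLICIES = [
    Policy("win-help-hardening", "windows", "device", frozenset({"lab-pcs"}),
           (("restrict_programs_launched_from_help", True),
            ("turn_off_dep_for_html_help", False))),
    Policy("finance-vpn-profile", "windows", "user", frozenset({"finance"}),
           (("vpn_profile", "finance-vpn"),)),
    Policy("mac-baseline", "macos", "device", frozenset({"lab-pcs"}),
           (("screen_lock_minutes", 5),)),
]

def demo():
    active = effective_policies(POLICIES, "windows", {"lab-pcs"}, {"finance"})
    local = {"user": {},  # first login: no user-scope settings applied yet
             "device": {"restrict_programs_launched_from_help": True,
                        "turn_off_dep_for_html_help": True}}  # changed locally
    first, second = reconcile(local, active), reconcile(local, active)
    return [p.name for p in active], first, second

if __name__ == "__main__":
    print(demo())
```

In this model the first pass restores the locally changed device setting and delivers the user-scope setting, and the second pass returns no events because local state already matches.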

Tip:

If you want to implement zero trust security, a conditional access policy secures access to resources based on conditions by user or user group. See Get Started: Conditional Access Policies.

JumpCloud also supports user-level policy targeting, which provides:

  • Granular MDM Control: Windows and macOS policies can be scoped directly to the logged-in user rather than just the device, providing precise control on both shared and individually assigned computers.
  • Personalized Configurations: Ensures that different users on the same shared workstation safely receive their own tailored settings.
  • Simplified Administration: Eliminates the need for complex workarounds, such as managing separate device groups or performing manual reconfigurations for multi-user setups.
  • Effortless Deployment: Admins only need to assign a policy once to a user or user group; JumpCloud automatically handles delivery the moment the user logs in.
  • Enhanced Zero Trust Posture: Strengthens security by tying critical access credentials (such as certificates and VPN tunnels) to a verified user identity using a UPN or SID, rather than relying strictly on device possession.

See Create a Policy to learn more.
