IT Admins can save valuable time and resource costs onboarding new users by creating policy group templates. Instead of manually configuring a new policy group for each user, Admins can create, access, and apply these policy groups to any of their organizations. Get your new users up and running quickly and smoothly.
Note: This feature is available to MSP Admins as well.
- Admin with Billing role permissions is required to create templates.
- There are three options available offering different levels of security in the form of bundled, ready to use policy groups:
Light Security Policy Groups:
The Light Security Policy Group is for Admins looking to provide users with a minimally restrictive experience while enforcing critical security against everyday threats with targeted security policies like firewall controls, sign-on requirements, disk encryption, device storage, and configuring account statuses.
Standard Security Policy Groups:
The Standard Security Policy Group is for Admins looking to provide users with a moderately restrictive experience while enforcing critical security measures. This group contains everything in the Light security tier plus extra features like file and app-sharing restrictions, secure startup settings, SSH access and security, file ownership, permissions, and storage management.
Enhanced Security Policy Groups:
The Enhanced Security Policy Group is for Admins looking to provide significant device protections with maximum restrictions on the end user. The group contains everything in the Light and Standard tiers, plus features like system hardening, app and app store/software restrictions, remote assistance, blocked profile installation, control panel access, and notification settings.
Note: To download a Security Policy Group CSV file, see the Files section on the right hand side of this article, and click to download from there.
Creating a Policy Group Template
To create a policy group template:
- Log in to your Admin Portal: https://console.jumpcloud.com.
- Launch an Organization.
- Go to DEVICE MANAGEMENT > Policy Groups.
- Click ( + ) then select Policy Group From Template. JumpCloud offers three levels (Light, Standard and Enhanced) of pre-set security policy group templates that are ready for you to use.
- Click Create to generate a new policy group template. To find your template, return to the Policy Group Home and look for the JumpCloud one you just created.
- Click on it to pull up Details for the Policy Group template. You can rename it or add a description from here.
- Click the Policies tab to see a list of all the Policies applied in this template. You can unbind policies from the group by unchecking the policy and clicking save.
- Click the Device Groups tab to see all of the Device Groups this security policy group is being applied to. You can unbind device groups by unchecking the device group and clicking save.
- Your newly created policy group will be available for use the next time you go to create a policy from a template.
Note: This saves a local copy of the policy group to the org, and stores it as a template that can be accessed and applied to any of your tenant orgs.
The following policies are blocked from being saved as a template due to containing sensitive information:
Policy Group Template Blocked Policies
|Password||Global HTTP Proxy||macOS|
|Password||Global HTTP Proxy||Darwin|
Managing Policy Group Templates
To manage your policy group templates:
- From your Admin Portal, go to DEVICE MANAGEMENT > Policy Groups.
- In the top right corner, click Manage Policy Group Templates.
- The next page lists out all of your policy group templates.
- Click Edit next to the one that needs changes made to it.
- On the Details tab, you can edit the Name and Description.
- Click on the Policies tab to add or remove any policies from this template.
- Once your changes have been made, click Save.
- If you need to delete a policy group template. Click Delete next to the template, then verify your selection by clicking Delete again.
Note: Any policy that was created based on these will remain unaffected.