IBM Security MaaS360

Why don't my policies reflect on devices?

By CIARAN DARCY posted Fri July 09, 2021 11:35 AM

  

A question often asked by MaaS360 users is "Why are my policies not applied to devices?" One potential reason is that they need to be set correctly. This blog post looks at how you can avoid this, with some tips and tricks to help you ensure that your devices remain in policy throughout your deployment.

 

Is the policy published?

If you are anything like me, you spend ages writing an email, then get distracted and forget to hit send. Your beautifully crafted email is saved to drafts and you forget about it completely until someone reminds you that you still need to respond to them. Something similar applies to policies in MaaS360. You can spend ages on the policy and save it, but if you don’t hit publish then the policy just sits on your portal and is never applied to the devices.

 

This can easily be checked in the Security > Policies menu. As you can see below, some of the policies are set to Draft or Needs Publish. This means that, regardless of any other settings we discuss below, they will not be applied to devices.

Draft means that changes to the ‘base policy’ (see this blog for how to create new policies) have not yet been saved. Needs Publish means that while the changes have been saved, they have not yet been pushed to devices which already received the policy. To make sure that changes to policies are applied, you need to select the policy you wish to publish, then select the Save and Publish option shown below.

 

Is the policy applied to certain groups?

 

If you distribute policies to device groups, then the policies will only apply to devices found in the expected group, so your group definitions (search criteria) become important.

You can see your list of device groups in Devices > Groups.

 

As you can see here, the list of groups also shows what policies are applied to each group. By clicking devices under each group name, you will see the list of devices in each group. If your device is not in the group, then policies applied to the group will not apply to your device.

 

Are your devices set up with Android Enterprise?

For the Android users amongst us, if you are using Android Enterprise (and if not, why not?) you may notice that some of your policy settings are not applied to the Android Enterprise devices. This is because devices enrolled using Android Enterprise have a different section in the policies.

 

If you have Android Enterprise enabled devices, then you will need to set the policy settings for them in the Android Enterprise section. This can be found in the security policy you want, in the right-hand menu under Android Enterprise settings. You will need to set everything in there, and those settings will all apply to Android Enterprise enrolled devices (provided the policies and groups advice is followed).

 

Is my precedence right?

I have spoken about precedence before, but a reminder is in order, as setting precedence is important to making sure that policies are applied in the correct order. In the event that a device has more than one policy applied to it, the policy that is higher in the precedence list is applied.

 

MaaS360’s default precedence is as follows:

  1. Compliance Rule
  2. Location
  3. Group
  4. Device
  5. User
  6. Default

 

If you wish to change the order of precedence, you can do so by following the steps below.

From the MaaS360 Portal Home page, select Security > Policies.

  1. Click Precedence.
  2. Drag and drop the policies to change the precedence.
  3. Click Save.

Important: be careful what you change here. If you change the priority, devices that are in multiple groups may receive a different policy, and configurations may change!

So that covers the most common issues around security policies not being applied to devices. Hope this helps with your deployment.
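The four checks above can be modelled as one resolver, shown here as an added example that is not MaaS360 code and does not use its API. The record fields, the "Published" status and the sample inventory are constructed assumptions, and ties within one precedence level are assumed to keep their listed order.

```python
# Simplified model of the checks in this post; not MaaS360 code or its API.
# Field names, the "Published" status and all sample data are constructed.
# Default precedence from the post, highest first.
PRECEDENCE = ["Compliance Rule", "Location", "Group", "Device", "User", "Default"]
UNPUBLISHED = {"Draft", "Needs Publish"}  # statuses the post says are not applied

def diagnose(device, assignments, policies, groups):
    """Return (winning policy or None, findings explaining what was skipped)."""
    findings, candidates = [], []
    for a in assignments:
        name, status = a["policy"], policies[a["policy"]]["status"]
        # Check 1: saved but unpublished policies never reach devices.
        if status in UNPUBLISHED:
            findings.append(f"{name}: status is {status}, publish it first")
            continue
        # Check 2: a group assignment only counts if the device is a member.
        if a["type"] == "Group" and device["id"] not in groups.get(a["group"], set()):
            findings.append(f"{name}: device is not in group {a['group']}")
            continue
        candidates.append(a)
    if not candidates:
        return None, findings
    # Check 4: highest precedence wins; ties keep listed order (assumption).
    candidates.sort(key=lambda a: PRECEDENCE.index(a["type"]))
    winner = candidates[0]["policy"]
    for loser in candidates[1:]:
        findings.append(f"{loser['policy']}: outranked by {winner}")
    # Check 3: Android Enterprise devices read their own policy section.
    if device["android_enterprise"] and not policies[winner]["ae_section_set"]:
        findings.append(f"{winner}: Android Enterprise settings not configured")
    return winner, findings

# Constructed sample data.
POLICIES = {
    "Corp-Strict": {"status": "Needs Publish", "ae_section_set": True},
    "Sales-Android": {"status": "Published", "ae_section_set": False},
    "Baseline": {"status": "Published", "ae_section_set": True},
    "Field-Kiosk": {"status": "Published", "ae_section_set": True},
}
GROUPS = {"Sales": {"dev-17"}, "Kiosks": {"dev-02"}}
ASSIGNMENTS = [
    {"type": "Default", "policy": "Baseline"},
    {"type": "Group", "group": "Kiosks", "policy": "Field-Kiosk"},
    {"type": "Group", "group": "Sales", "policy": "Sales-Android"},
    {"type": "Device", "policy": "Corp-Strict"},
]
DEVICE = {"id": "dev-17", "android_enterprise": True}

print(diagnose(DEVICE, ASSIGNMENTS, POLICIES, GROUPS))
```

In the sample, the device-level policy is skipped because it was never published, so the group policy wins and the resolver flags its missing Android Enterprise section.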

 
