Configuration Templates
The 'Configuration Templates' section lets you create and manage profiles for Android, iOS, Mac, Windows and Linux devices.
- Each profile lets you to specify a device's network access rights, overall security policy, antivirus scan schedule and other settings.
- Once created, profiles can be applied to devices/device groups and users/user groups.
- You can also add procedures and monitors to a profile (Windows devices only).
- Procedures let you automate a range of tasks on your protected endpoints. Example procedures include patch installation, disk de-fragmentation and so on. Procedures can also be deployed as stand-alone instructions.
- Monitors are scripts which track events on your endpoints and take specific actions if their conditions are met. For example, 'Alert me when a USB removable disk is connected to the system', or 'Create a log entry if CPU usage goes above 75% for a certain length of time'.
- Alerts – You can configure monitors to generate alerts if their conditions are met.
- The 'Alerts' area contains templates which specify general settings for those alerts.
- For example, 'Create a ticket on service desk', 'Create a notification in the portal', 'Send a notification to the following users'.
- You can create different alert templates and apply them to different monitors as required.
The 'Configuration Templates' tab contains the following sub sections:
-
Profiles - A list of every profile added to Endpoint Manager.
- A profile lets you define a device's security policy, network access rights, antivirus scan schedule and other settings.
- 'Default Profiles' are applied to newly added devices if no user or user group profile exists. Default profiles are available for iOS, Android, Mac OS, Windows and Linux devices
- You can mark custom profiles as 'default' if you wish.
- Profiles can be applied to individual devices/users, device groups and user groups. You can add new profiles, export profiles, and import profiles.
- Alerts - Alert templates govern what happens when you receive an alert from a procedure/monitor. For example, an alert template can tell EM to send you a notification if the conditions of a monitor are met.
Unless you change it, the ‘Default Alert’ settings are applied to new monitors/procedures. Click ‘Configuration Templates’ > ‘Alerts’ then click on ‘Default Alert’ to view these settings. You can also create custom alert templates as required.
See 'Manage Alerts' for more details.
- Procedures - Contains a list of predefined and custom procedures that can be executed on enrolled devices. Procedures can be run ad-hoc on selected devices or scheduled in a profile to run at set intervals. See 'Manage Procedures' for more details.
- Monitors - A monitor is a script which tracks events on your network and takes specific actions if its conditions are met. For example, ‘Alert me when a USB removable disk is connected to the system’, or ‘Create a log entry if CPU usage goes above 75% for a certain length of time’.
You can add a monitor to a Windows profile by adding a 'Monitoring' section. See Manage Monitors for more details.
- Data Loss Prevention - Data loss prevention (DLP) discovery rules let you scan managed devices for files that contain sensitive information. For example, credit card numbers, social security numbers etc.
- Discovery rules let you specify the areas you want to scan, and the type of data you want to search for.
- You then add the rules to profiles.
- See Data Loss Prevention Rules for help to configure the rules.
The interface lets you:
- You can view discovered files at 'Security Subsystems' > 'Data Loss Prevention'