Managing Policies
In WSO2 EMM, administrators can define policies, which include a set of configurations. WSO2 EMM policies are enforced on the EMM users' devices when new users register with the EMM.The EMM policy settings will vary based on the mobile OS type. For more information, see EMM policy settings.
Check out the following sections to manage policies.
Policy enforcement criteria
The following section describes how policies will be enforced on devices that register with EMM:
- Step 1: Filtering based on the Platform (device type)
The policies will be filtered based on the mobile platform so it matches the platform of the registered device.
- Step 2: Filtering based on the device ownership type
Next, the policies will be filtered based on the device ownership type (BYOD or COPE) so it matches the device ownership type of the registered device.
- Step 3: Filtering based on the user role or name
The policies will be filtered again to match the device owners username or role. - Step 4: Enforcing the policy
Finally, the policy having the highest priority out of the pool of filtered policies will be enforced on the registered device.
Compliance monitoring
Administrators are able to monitor the compliance status of all the devices connected to the EMM server. At the time of configuration, the administrators will be able to specify the compliance monitoring period, which will define the time interval between two compliance monitoring instances. EMM will carryout the admin defined actions (i.e., acknowledge, warning and enforce) when a device is non-compliant with the assigned policy. If the enforced action is selected for a given policy and a user by passes the policy, EMM will re-enforce the policy back again on the users device. (Example: The camera is disabled via the camera restriction policy and the enforce action was selected as the compliance type. If a user through some mechanism enables the camera in the device then the camera restriction policy will be re-enforced on the device again so that the camera on the device will be disabled again.)
What's next
- Available Policies
- Adding a Policy
- Editing a Policy
- Managing Policy Prorities
- Publishing and Unpublishing a Policy
- Removing a Policy
- Searching, Filtering and Sorting Policies
- Viewing Policies
This section describes the terminology used in EMM when defining policies, so you will be familiar with the terms to better understand the steps defined under each sub section under managing policies.
Features
The functionalities supported by each device type.Profile
A profile in the context of EMM refers to a collection features that is supported by each device type. These features can be configured using the different configuration options.- Publish policies
When a policy is published it will be in the active state. The active policies will be applied to the devices that register with EMM based on the Policy enforcement criteria. - Unpublish policies
When a policy is unpublished it will be in the non-active state. Such policies will not be considered when applying policies to the device that registers with EMM. - Save
If you save a policy it will be in the non-active state. Therefore, it will not be taken into account when the EMM server filters policies, to enforce a suitable policy on a device that registers with the EMM. - Save and publish
If you save and publish a policy it will be in the active state. The active policies will be applied to new devices that enroll with EMM based on the Policy enforcement criteria. Apply changes
Policies in the active state will be applied to the new device that registers with EMM based on the policy enforcement criteria . In a situation where you need to make changes to existing policies (removing, activating, deactivating and updating) or add new policies, the existing devices will not receive these changes immediately. Once all the required changes are made you can click Apply changes to push the policy changes to the existing devices.The EMM does not notify the end user of the devices each time a change is made to a policy because the notification servers will be flooded unnecessarily with the policy changing messages. Therefore after all the required changes are made to the policies you can click apply changes to notify the user in one go.