Using Policy Management

Using Policy Management

Policy Management provides customized settings for LDM organizations. This feature is available for IT Admins, Org Admins and MSP.

LDM Organization Settings

Navigate to Policy Management > LDM Organization Settings on the left pane. The following options are available:


  1. Multi Factor Authentication Settings: Enables Org Admin to set multi factor authentication (MFA) settings either as Required or Optional for all users. When set to Optional, users can set up MFA in their profile.
  2. Patch Security Mitigation: Allows IT admins to remotely deploy recommended Windows software and system updates to the devices.
    1. By default, the "Unsigned Patch updates will be hidden and not displayed for remote update through LDM" option will be enabled. Any unsigned packages will not be visible in the Patches list.
    2. If the first option is selected, you will see an "unsigned package" indicator displayed next to eye icon. all unsigned patch packages will be included in the recommended patch list with an indicator icon that the package is unsigned.
  3. Users PIN Policy: Enables org admins to configure the PIN expiry duration (14 days, 30 days, 60 days or 180 days). Org admins can also enable/disable the option to send reminder email a week before PIN expiry.


  1. Feature Controls: Acts as an additional security layer. When enabled, any user should be logged-in to the LDM portal using Multi-factor Authentication (MFA) to perform specific operations.
  2. Android App Settings: Enables application management functionality from the App Device Tray
  3. Auto Install of Intel vPro® Agent: Enables/Disables the automatic installation of the Intel vPro® agent on eligible devices during the provisioning process
These options are set to “Disabled” for all new organizations by default. Even if disabled, the manual installation option via the Device Management > Devices > Device Tray is still available.
  1. Request to become Managed Service Provider (MSP): Allows the organization to manage their own organization and other organizations that could be divisions of the same company. Click the button to convert the business to MSP and perform the services on behalf of the organization's end customers. Accept the MSP Specific Terms and Conditions and click Continue. After a while, the organization will be converted into a MSP. The Organization Admin role will now be MSP Admin, and you can see a new Managed Organizations section in the left navigation menu. Refer to article Using Managed Organizationsfor more information.
Converting an organization to MSP is an irreversible option. 

If the organization has a trial license, if there are no licenses, or if the existing licenses have expired, the following message will display "There are no eligible licenses available for this organization. Please ensure licenses are purchased prior to converting this organization to MSP." The Convert to MSP button will also be disabled.

    • Related Articles

    • Using Managed Organizations in Lenovo Device Manager

      Lenovo Device Manager enables organizations to be converted to Managed Service Providers (MSPs). MSP provides parent/child organization management support where Organization Admins can manage their own organization and other organizations. These ...
    • Viewing Device Information – Android Operating System

      Once an Android device is added to LDM, admins can view the device information and perform basic actions through the Device Tray. You can access the device tray from Device Manager > Device List > (Click on the device) > Device Tray. If a device has ...
    • Adding Android Devices

      Any Lenovo Android device can be claimed and provisioned in Lenovo Device Manager in two ways - scanning a QR code from the LDM portal or through a manual registration process. Automatically Claiming and Provisioning a Device Navigate to Device ...
    • Utilizing User Management

      User Roles & Permissions User Profile information can be accessed by clicking My Profile option under your User Icon in the top ribbon. Information tab Update your First Name Update your Last Name Update your Profile Image Delete your account ...
    • Viewing Patch Deployment and System Updates

      System Update information will be available only if the System Update feature is enabled. Creating Patch Deployment Report When a patch is successfully installed to a Windows device, it is removed from the Patches section and added to Patch ...