Using Policy Management

Using Policy Management

Policy Management provides customized settings for LDM organizations. This feature is available only for Org Admins and MSP Admins.

LDM Organization Settings

Navigate to Policy Management > LDM Organization Settings on the left pane. The following options are available:

Security

  1. Multi Factor Authentication Settings: Enables Org Admin to set multi factor authentication (MFA) settings either as Required or Optional for all users. When set to Optional, users can set up MFA in their profile.
  2. Users PIN Policy: Enables org admins to configure the PIN expiry duration (14 days, 30 days, 60 days or 180 days). Org admins can also enable/disable the option to send reminder email a week before PIN expiry.


Feature


  1. Configure Alerts: Enables setting alert thresholds for low battery and storage capacity. When the device reaches these thresholds, an alert is generated in the corresponding report (Low Battery Report or Storage Report). If the user takes actions such as deleting files to create more storage space or charging the battery, the alert will be removed from the report. 

  2. Patch Preferences
    Patch Security Mitigation Options:
  1. The organization accepts the risk of installing unsigned packages from LDM Patch. If this option is selected, you will see an "unsigned package" indicator displayed next to eye icon. all unsigned patch packages will be included in the recommended patch list with an indicator icon that the package is unsigned.
  2. Unsigned Patch updates will be hidden and not displayed for remote update through LDM. Any unsigned packages will not be visible in the Patches list.

  1. System Update Preferences: Adds the ability to schedule System Update activities across all eligible devices on your network. Enable or disable the following options:
  2. Automatically Scan only for New Updates. Checks for new updates every Monday at 6am ET. New updates will automatically appear on System Update page.
  3. Automatically Scan and Update. Lets Org/MSP Admins schedule when LDM should automatically scan eligible devices for Critical and/or Recommended updates (the same schedule will apply to all eligible devices).
All eligible devices will be scanned for Critical and/or Recommended updates, as scheduled. All automated updates can be monitored on the System Update page through the deployment process and then monitored on the System Update Status report. Please continue to check the System Update page for all other (Optional) updates.

When enabled, select update Types with radio buttons: Critical - always selected; Recommended - optional (not allowed without "critical" being selected). Set the updates Frequency, Date and Time.
  1. Automatically Install System Update Add-in. Auto installs System Update Add-in if it is not detected on device. This is required for System Update operations.
Only online devices can be auto-scanned; offline devices will need to be manually scanned (on-demand).
  1. System Update Messaging and Deferrals. Allows to configure System Update preferences for devices which require a reboot for the update to be applied.
    1. Set the number of deferrals allowed to end user: This option defines the maximum number of times a user can postpone a Required Reboot for an update.
    2. Set the time between notification and device reboot.
The system will display a notification prompting the user to allow the reboot for the update. It will also show the total number of deferrals allowed and the number already used. 
If the user still has a deferral available, they can click No to postpone the reboot. In that case, the System Update report will display the status Reboot Required for the corresponding device. 
However, if no deferrals remain, they must save their work and click OK to proceed with the reboot.
  1. Feature controls: Acts as an additional security layer. When enabled, any user should be logged-in to the LDM portal using Multi-factor Authentication (MFA) to perform specific operations.

  2. Android App Settings: Enables application management functionality from the App Device Tray.

  3. Auto Install of Intel vPro® Agent: Enables/Disables the automatic installation of the Intel vPro® agent on Intel vPro devices devices during the provisioning process.
These options are set to “Disabled” for all new organizations by default. Even if disabled, the manual installation option via the Device Management > Devices > Device Tray is still available.
  1. Request to become Managed Service Provider (MSP): Allows the organization to manage their own organization and other organizations that could be divisions of the same company. Click the button to convert the business to MSP and perform the services on behalf of the organization's end customers. Accept the MSP Specific Terms and Conditions and click Continue. After a while, the organization will be converted into an MSP. The Organization Admin role will now be MSP Admin, and you can see a new Managed Organizations section in the left navigation menu. For more information, please consult Using Managed Organizations.
Converting an organization to MSP is an irreversible option. 

If the organization has a trial license, if there are no licenses, or if the existing licenses have expired, the following message will display "There are no eligible licenses available for this organization. Please ensure licenses are purchased prior to converting this organization to MSP." The Convert to MSP button will also be disabled.



    • Related Articles

    • Viewing Low Storage Report

      When a device’s storage is nearing capacity (<5% remaining), LDM will create an alert on the Dashboard. The device will be listed in the Storage report and Device Management > Devices > Device Tray > Alert History tab until the max capacity alert is ...
    • Viewing Low Battery Report

      When a device’s battery has <20% charge remaining, LDM will create an alert on the Dashboard. The device will be listed in the Low Battery report and Device Management > Devices > Device Tray > Alert History tab until the low battery alert is no ...
    • Viewing Device Information – Android Operating System

      Once an Android device is added to LDM, admins can view the device information and perform basic actions through the Device Tray. You can navigate to the Device Tray by following this path: Device Management > Device List > (Select the device) > ...
    • Using Managed Organizations in Lenovo Device Manager

      Lenovo Device Manager enables organizations to be converted to Managed Service Providers (MSPs). MSP provides parent/child organization management support where Organization Admins can manage their own organization and other organizations. These ...
    • Using System Update

      This feature allows Org Admins, IT Admins and MSP Admins to centrally manage Windows BIOS, drivers and firmware updates on any Lenovo Windows devices. Updates are checked when new devices are claimed and licensed and on-demand from the System Update ...