Using Policy Management

Using Policy Management

Policy Management provides customized settings for LDM organizations. This feature is available only for Org Admins and MSP Admins.

LDM Organization Settings

Navigate to Policy Management > LDM Organization Settings on the left pane. The following options are available:


  1. Multi Factor Authentication Settings: Enables Org Admin to set multi factor authentication (MFA) settings either as Required or Optional for all users. When set to Optional, users can set up MFA in their profile.
  2. Patch Security Mitigation: Allows IT admins to remotely deploy recommended Windows software and system updates to the devices.
    1. By default, the "Unsigned Patch updates will be hidden and not displayed for remote update through LDM" option will be enabled. Any unsigned packages will not be visible in the Patches list.
    2. If the first option is selected, you will see an "unsigned package" indicator displayed next to eye icon. all unsigned patch packages will be included in the recommended patch list with an indicator icon that the package is unsigned.
  3. Users PIN Policy: Enables org admins to configure the PIN expiry duration (14 days, 30 days, 60 days or 180 days). Org admins can also enable/disable the option to send reminder email a week before PIN expiry.


  1. Configure Alerts: Enables setting alert thresholds for low battery and storage capacity. When the device reaches these thresholds, an alert is generated in the corresponding report (Low Battery Report or Storage Report). If the user takes actions such as deleting files to create more storage space or charging the battery, the alert will be removed from the report. 
  2. System Update Preferences: Adds the ability to schedule System Update activities across all eligible devices on your network. Enable or disable the following options:
    1. Automatically Scan for New Updates. Checks for new updates every Monday at 6am ET. New updates will automatically appear on System Update page.
    2. Automatically Scan and Update. Lets Org/MSP Admins schedule when LDM should automatically scan eligible devices for Critical and/or Recommended updates (the same schedule will apply to all eligible devices).
    3. Since this is an automated feature, these updates will not appear on the System Update page, but can be tracked on the System Update Report.
    4. Users should continue to check the System Update page for all other (Optional) updates.
    5. When enabled, select update Types with radio buttons: Critical - always selected; Recommended - optional (not allowed without "critical" being selected). Set the updates frequency, date and time.
    6. Automatically Install System Update Add-in. Auto installs System Update Add-in if it is not detected on device. This is required for System Update operations.
Only online devices will be able to be auto-scanned, that any other devices will need to be manually scanned (on-demand).
  1. Feature controls: Acts as an additional security layer. When enabled, any user should be logged-in to the LDM portal using Multi-factor Authentication (MFA) to perform specific operations.
  2. Android App Settings: Enables application management functionality from the App Device Tray
  3. Auto Install of Intel vPro® Agent: Enables/Disables the automatic installation of the Intel vPro® agent on eligible devices during the provisioning process
These options are set to “Disabled” for all new organizations by default. Even if disabled, the manual installation option via the Device Management > Devices > Device Tray is still available.
  1. Request to become Managed Service Provider (MSP): Allows the organization to manage their own organization and other organizations that could be divisions of the same company. Click the button to convert the business to MSP and perform the services on behalf of the organization's end customers. Accept the MSP Specific Terms and Conditions and click Continue. After a while, the organization will be converted into a MSP. The Organization Admin role will now be MSP Admin, and you can see a new Managed Organizations section in the left navigation menu. For more information, please consult Using Managed Organizations.
Converting an organization to MSP is an irreversible option. 

If the organization has a trial license, if there are no licenses, or if the existing licenses have expired, the following message will display "There are no eligible licenses available for this organization. Please ensure licenses are purchased prior to converting this organization to MSP." The Convert to MSP button will also be disabled.

    • Related Articles

    • Viewing Low Storage Report

      When a device’s storage is nearing capacity (<5% remaining), LDM will create an alert on the Dashboard. The device will be listed in the Storage report and Device Management > Devices > Device Tray > Alert History tab until the max capacity alert is ...
    • Viewing Low Battery Report

      When a device’s battery has <20% charge remaining, LDM will create an alert on the Dashboard. The device will be listed in the Low Battery report and Device Management > Devices > Device Tray > Alert History tab until the low battery alert is no ...
    • Viewing Device Information – Android Operating System

      Once an Android device is added to LDM, admins can view the device information and perform basic actions through the Device Tray. You can navigate to the Device Tray by following this path: Device Management > Device List > (Select the device) > ...
    • Using Managed Organizations in Lenovo Device Manager

      Lenovo Device Manager enables organizations to be converted to Managed Service Providers (MSPs). MSP provides parent/child organization management support where Organization Admins can manage their own organization and other organizations. These ...
    • Using System Update

      This feature allows Org Admins, IT Admins and MSP Admins to centrally manage Windows BIOS, drivers and firmware updates on any Lenovo Windows devices. Updates are checked when new devices are claimed and licensed and on-demand from the System Update ...