Using Policy Management

Using Policy Management

Policy Management provides customized settings for LDO organizations. This feature is available only for Org Admins and MSP Admins.

Feature Settings

To access Policy Management settings, navigate to Policy Management > Feature Settings in the left pane. The following subtabs will be  available: Security, Feature and Connectors.

Feature 




Configure Alerts:

Enables setting alert thresholds for low battery and storage capacity. When the device reaches these thresholds, an alert is generated in the corresponding report (Low Battery Report or Storage Report). If the user takes actions such as deleting files to create more storage space or charging the battery, the alert will be removed from the report. 


Patch Preferences:

  1. Automatically Install Patch Runtime Dependencies. Enabling this option installs Microsoft C++ on devices if it is not detected.
  2. Patch Security Mitigation Options.
  3. The organization accepts the risk of installing unsigned packages from LDO Patch. If this option is selected, you will see an "unsigned package" indicator displayed next to eye icon. all unsigned patch packages will be included in the recommended patch list with an indicator icon that the package is unsigned.
  4. Unsigned Patch updates will be hidden and not displayed for remote update through LDO. Any unsigned packages will not be visible in the Patches list.

    System Update Preferences:

    Adds the ability to schedule System Update activities across all eligible devices on your network. Enable or disable the following options:

    • Automatically Scan only for New Updates. Checks for new updates every Monday at 6am ET. New updates will automatically appear on System Update page.

    When this option is enabled, the date and time of the last scan are displayed on the App Management > System Update page, below the Check for updates link. This link is disabled for 30 minutes immediately after the last automatic scan is initiated.

    • Automatically Scan and Update. Lets Org/MSP Admins schedule when LDO should automatically scan eligible devices for Critical and/or Recommended updates (the same schedule will apply to all eligible devices).
      1. To Enable this feature, slide the corresponding button to turn it on. 
      2. Click Edit Schedule.
      3. Select the update types using the radio buttons. Both Critical and Recommended updates are available to update, but Critical is required (Recommended is only optional).
      4. Set the update Frequency, Day of the month or Day of the week, and Time, as needed.
      5. Click Save.

    All eligible devices will be scanned for Critical and/or Recommended updates, as scheduled. All automated updates can be monitored on the System Update page through the deployment process and then monitored on the System Update Status report. Please continue to check the System Update page for all other (Optional) updates.

    • Automatically Install System Update Add-in. Auto installs System Update Add-in if it is not detected on device. This is required for System Update operations.

    Notes Only online devices can be auto-scanned; offline devices will need to be manually scanned (on-demand).

    • System Update Messaging and Deferrals. Allows to configure System Update preferences for devices which require a reboot for the update to be applied.
      • Set the number of deferrals allowed to end user: This option defines the maximum number of times a user can postpone a Required Reboot for an update.
      • Set the time between notification and device reboot.

    The system will display a notification prompting the user to allow the reboot for the update. It will also show the total number of deferrals allowed and the number already used. 

    If the user still has a deferral available, they can click No to postpone the reboot. In that case, the System Update report will display the status Reboot Required for the corresponding device. 

    However, if no deferrals remain, they must save their work and click OK
    to proceed with the reboot.

    1. Update Testing. When enabled, this feature lets you select one or more devices or device groups to test a System Update. The update is flagged on the System Update page, and you can set a start and end date. It remains blocked from other devices until approved for rollout.

    2. Customize End User Dialogue Box. Add your company name and logo to personalize the dialog box shown to end users.

    Manage Accessories:

    1. Automatically Install Lenovo Dock manager:  Enabling this button allows the Lenovo Docking Station Manager to be installed automatically on the client device. 


    Feature controls:

    Acts as an additional security layer. When enabled, any user should be logged in to the LDO portal using Multi-factor Authentication (MFA) to perform specific operations.
     

    Android App Settings Management:

    Enables application management functionality from the App Device Tray.

    Auto Install of Intel vPro® Agent:

    Enables/Disables the automatic installation of the Intel vPro® agent on Intel vPro devices during the provisioning process.

    Notes
    These options are set to “Disabled” for all new organizations by default. Even if disabled, the manual installation option via the Device Management > Devices > Device Tray is still available.

    Request to become Managed Service Provider (MSP)
    Allows the organization to manage their own organization and other organizations that could be divisions of the same company. Click the button to convert the business to MSP and perform the services on behalf of the organization's end customers.

    Accept the MSP Specific Terms and Conditions and click Continue. After a while, the organization will be converted into an MSP. The Organization Admin role will now be MSP Admin, and you can see a new Managed Organizations section in the left navigation menu. 

    Alert
    Converting an organization to MSP is an irreversible option

    If the organization has a trial license, if there are no licenses, or if the existing licenses have expired, the following message will display "There are no eligible licenses available for this organization. Please ensure licenses are purchased prior to converting this organization to MSP." The Convert to MSP button will also be disabled.




      • Related Articles

      • Low Battery Report

        When a device’s battery has <20% charge remaining, Device Management will create an alert on the Dashboard. The device will be listed in the Low Battery report and Device Management > Devices > Device Tray > Alert History tab until the low battery ...

      • Using Intel vPro® Agent in Device Management

        Device Management support Intel vPro® EMA functionality with the installation of the Intel vPro® agent during Device Management provisioning. Certain Device Management features may be available differently for devices with Intel vPro® Essentials and ...

      • Low Storage Report

        When a device’s storage is nearing capacity (<5% remaining), Device Management will create an alert on the Dashboard. The device will be listed in the Storage report and Device Management > Devices > Device Tray > Alert History tab until the max ...

      • Viewing Device Information – Android Operating System

        Once an Android device is added to the software, administrators can view its details and perform basic actions via the Device Tray. To access the Device Tray, go to Device Management > Devices, and select the device. Device Tray When you open the ...

      • Implementing Power Management

        This feature provides programming of multiple power management operations with multiple schedules into one easy to use tool. It Admins can schedule for an organization, a group of devices or individual devices. Only eligible Windows PCs and Smart ...