Using Policy Management

Using Policy Management

Policy Management provides customized settings for LDO organizations. This feature is available only for Org Admins and MSP Admins.

Feature Settings

To access Policy Management settings, navigate to Policy Management > Feature Settings in the left pane. The following subtabs will be  available: Security, Feature and Connectors.

Feature 



Configure Alerts:

Enables setting alert thresholds for low battery and storage capacity. When the device reaches these thresholds, an alert is generated in the corresponding report (Low Battery Report or Storage Report). If the user takes actions such as deleting files to create more storage space or charging the battery, the alert will be removed from the report. 

Patch Preferences:

  1. Automatically Install Patch Runtime Dependencies. Enabling this option installs Microsoft C++ on devices if it is not detected.
  2. Patch Security Mitigation Options.
  3. The organization accepts the risk of installing unsigned packages from LDO Patch. If this option is selected, you will see an "unsigned package" indicator displayed next to eye icon. all unsigned patch packages will be included in the recommended patch list with an indicator icon that the package is unsigned.
  4. Unsigned Patch updates will be hidden and not displayed for remote update through LDO. Any unsigned packages will not be visible in the Patches list.

    System Update Preferences:

    Adds the ability to schedule System Update activities across all eligible devices on your network. Enable or disable the following options:

    • Automatically Scan only for New Updates. Checks for new updates every Monday at 6am ET. New updates will automatically appear on System Update page.

    When this option is enabled, the date and time of the last scan are displayed on the App Management > System Update page, below the Check for updates link. This link is disabled for 30 minutes immediately after the last automatic scan is initiated.

    • Automatically Scan and Update. Lets Org/MSP Admins schedule when LDO should automatically scan eligible devices for Critical and/or Recommended updates (the same schedule will apply to all eligible devices).
      1. To Enable this feature, slide the corresponding button to turn it on. 
      2. Click Edit Schedule.
      3. Select the update types using the radio buttons. Both Critical and Recommended updates are available to update, but Critical is required (Recommended is only optional).
      4. Set the update Frequency, Day of the month or Days of the week, and Time, as needed.
      5. Click Save.

    All eligible devices will be scanned for Critical and/or Recommended updates, as scheduled. All automated updates can be monitored on the System Update page through the deployment process and then monitored on the System Update Status report. Please continue to check the System Update page for all other (Optional) updates.

    Add device groups:  Click this button to select one or more device groups and apply the scheduled automatic scan and update to the selected device group(s).

    • Automatically Install System Update Add-in. Auto installs System Update Add-in if it is not detected on device. This is required for System Update operations.

    NotesOnly online devices can be auto-scanned; offline devices will need to be manually scanned (on-demand).
    Only those updates with the Allowed to Deploy status will be included in the Auto Update.

    • System Update Messaging and Deferrals. Allows to configure System Update preferences for devices which require a reboot for the update to be applied.
      • Set the number of deferrals allowed to end user: This option defines the maximum number of times a user can postpone a Required Reboot for an update.
      • Set the time - in Minutes, Hour(s), or Day(s) - between the notification and the device reboot.

    The system will display a notification prompting the user to allow the reboot for the update. It will also show the total number of deferrals allowed and the number already used. 

    If the user still has a deferral available, they can click No to postpone the reboot. In that case, the System Update report will display the status Reboot Required for the corresponding device. 

    However, if no deferrals remain, they must save their work and click OK to proceed with the reboot.

    1. Update Testing. When enabled, this feature lets you select one or more devices or device groups to test a System Update. The update is flagged on the System Update page, and you can set a start and end date. It remains blocked from other devices until approved for rollout.

    2. Customize End User Dialogue Box. Add your company name and logo to personalize the dialog box shown to end users.

    Manage Accessories:

    1. Automatically Install Lenovo Dock manager:  Enabling this button allows the Lenovo Docking Station Manager to be installed automatically on the client device, but only if it is not already detected. 


    Feature controls:

    Acts as an additional security layer. When enabled, any user should be logged in to the LDO portal using Multi-factor Authentication (MFA) to perform specific operations.
     

    Android App Settings Management:

    Enables application management functionality from the App Device Tray.

    Auto Install of Intel vPro® Agent:

    Enables/Disables the automatic installation of the Intel vPro® agent on Intel vPro devices during the provisioning process.

    Notes
    These options are set to “Disabled” for all new organizations by default. Even if disabled, the manual installation option via the Device Management > Devices > Device Tray is still available.

    UDC  Logging: This option is disabled by default, and only errors are logged in the registry. Enabling it activates the Collect Logs button on the Device Management> Devices> Devices page. To turn on this feature, toggle the switch and click Save. This feature is available for Windows, Android and Linux devices.   For more details, refer to Managing Devices in Device Management.

    Request to become Managed Service Provider (MSP)
    Allows the organization to manage their own organization and other organizations that could be divisions of the same company. Click the button to convert the business to MSP and perform the services on behalf of the organization's end customers.

    Accept the MSP Specific Terms and Conditions and click Continue. After a while, the organization will be converted into an MSP. The Organization Admin role will now be MSP Admin, and you can see a new Managed Organizations section in the left navigation menu. 

    Alert
    Converting an organization to MSP is an irreversible option

    If the organization has a trial license, if there are no licenses, or if the existing licenses have expired, the following message will display "There are no eligible licenses available for this organization. Please ensure licenses are purchased prior to converting this organization to MSP." The Convert to MSP button will also be disabled.

    Connectors

    This feature provides a Connectors page where you can edit existing connections or add new ones for Chrome devices, allowing you to onboard them to Device Management at a later stage (see Onboarding Chrome Devices for detailed instructions). You can also set the Microsoft Intune connection from this page..

    Add a New Connection
    1. To connect to Google Cloud Platform
      1. Click Add Connection.
      2. Enter your Google Workspace Customer ID (Google credentials).
      3. Click Upload file and select the file or drag and drop the file JSON Credentials for Service Account from your computer.
      4. Click Connect. The connection is established and shows as Active.
        Note: Ensure your Google Workspace credentials are properly configured according to Google’s setup instructions to enable the connection.

    2. To connect to Microsoft Intune 
      1. Click Add Connection.
      2. Enter your Intune credentials (available in the Intune portal).
      3. Click Connect.
        Device Management displays a list of required permissions for claiming devices. Any missing permissions appear in red. If a permission is missing, return to Intune to add it before proceeding.
      4. Click Next.
      5. Select the Intune group(s) you want to add to the Groups page or click Select all groups.
      6. Click Sync, then Close.
        Back on the Connectors tab, you should see that the connector is Active and the account is configured.
    Manage Connector
    1. Click Manage connector.
    2. Enter the new value or upload a new file
    3. Click Connect.

    Disconnect Platform
    To disconnect a connector form the platform, click Disconnect Platform and then click Proceed.






      • Related Articles

      • Low Battery Report

        When a device’s battery has <20% charge remaining, Device Management will create an alert on the Dashboard. The device will be listed in the Low Battery report and Device Management > Devices > Device Tray > Alert History tab until the low battery ...

      • Using Intel vPro® Agent in Device Management

        Device Management support Intel vPro® EMA functionality with the installation of the Intel vPro® agent during Device Management provisioning. Certain Device Management features may be available differently for devices with Intel vPro® Essentials and ...

      • Low Storage Report

        When a device’s storage is nearing capacity (<5% remaining), Device Management will create an alert on the Dashboard. The device will be listed in the Storage report and Device Management > Devices > Device Tray > Alert History tab until the max ...

      • Viewing Device Information – Android Operating System

        Once an Android device is added to the software, administrators can view its details and perform basic actions via the Device Tray. To access the Device Tray, go to Device Management > Devices, and select the device. Device Tray When you open the ...

      • Using System Update

        This feature allows Org Admins, IT Admins and MSP Admins to centrally manage Windows BIOS, drivers and firmware updates on any Lenovo Windows device. Updates are checked in three scenarios: When new devices are claimed and licensed. On-demand from ...