Policy

Sonam2021
New Contributor III

Best Practice to implement Policies, which options are best from the following :

We are planning to deploy  standard policies & profiles required for device after enrollment in JAMF PRO

Is it best to use Recurring check-in + Once per computer for most of the policies?

As Startup, Network Change & logout are more inconsistent as we have to depend on user when he will act on it 

 

3 REPLIES 3

karthikeyan_mac
Valued Contributor

@Sonam2021 Depends on the requirement. I would recommend taking Jamf 100 (free)  & Jamf 200 course

Ex. Self Service policies are mostly without a trigger and Ongoing frequency. 

You may need to use custom trigger if doing you want to call a policy from other policy or script

Enrollment Complete trigger if policy needs to be triggered as soon as enrollment.  

Thanks

 

PaulHazelden
Valued Contributor

I would agree, it all depends on what you are doing.
I have a lot of iMacs, these in general get their policy on recurring check in once per computer. Although there are a couple that fire off on enrollment complete, and these use custom triggers to run other policies in the order I want them to run in, as soon as the device enrols. But after that, these are on wired connections so they can then sit there and run policy after policy until they are done.
I then have a load of MacBooks, for these we dont send out most of the software via the recurring check in. We use self service to let the staff install what they want when it is convienient to them, so for these they are set to once per computer or ongoing, it all depends on how often the policy needs to be run. You can always flush a once per computer policy for a given computer to allow it to install again.

Jaykrishna1
Contributor II

The best practice for implementing policies in JAMF Pro depends on the specific needs and requirements of your organization. However, the following options can be considered:

  1. Recurring Check-In: This option allows you to specify a time interval at which the policies and profiles will be checked and updated on the device. This is a good option for policies that need to be updated regularly, such as security updates or software installations.

  2. Once Per Computer: This option ensures that the policies and profiles are only applied once to each computer, regardless of how many times the computer checks in. This is a good option for policies that only need to be applied once, such as configuring the firewall or setting up the hard drive encryption.

  3. Startup: This option allows you to specify that the policies and profiles will be applied when the computer starts up. This is a good option for policies that need to be in place as soon as the computer starts, such as setting the wallpaper or default printer.

  4. Network Change: This option allows you to specify that the policies and profiles will be applied when the network configuration changes. This is a good option for policies that need to be updated when the computer changes networks, such as setting the proxy settings.

  5. Logout: This option allows you to specify that the policies and profiles will be applied when the user logs out. This is a good option for policies that need to be updated when the user logs out, such as updating the user's home folder.

In summary, you should consider the frequency and importance of the policies when determining which option is best for each policy. Start with a recurring check-in for most policies, and then use the other options for policies that require more specific triggers.