Agent Policy
Please be aware there are significant changes coming in Ivanti Neurons Agent Management. This will impact your Neurons workflow. For further details see Migrating to New Agent Management.
A Policy Group is a set of instructions, or IT policies, that configure the agent. Assign a policy to Discovered Devices, on deployment the agent and policy are installed on the device.
Use cases for application
Use case 1: You may have a group of devices that hold sensitive data, such as finance devices or HR devices, that you don’t want IT to remote control on to, to fix issues. So you would create a policy group that excludes Remote Control capabilities from being installed on those devices.
Use case 2: You may have server based devices that you don’t want to run automated actions on remotely. So you would create a policy group that excludes Automation being installed on those servers.
Use case 3: You may have certain edge devices, such as medical endpoints, that you don’t want multiple engines (or services) installed on or running so as to reserve resources for more critical services. These endpoints can be added to a policy group that excludes enabling Ivanti features, this removes the need to install multiple engines on those endpoints keeping resources free for other, more important, edge services.
Policy Groups
You can access Policy Groups to create a new group, or to assign devices to it, from:
- Admin > Agent Policy
- Admin > Discovery > Policy Groups
The Policy Groups view lists all of the policy groups you have created, including the Deployment Representatives Group group.
Actions available:
- Download Deployment Representative Agent: Select to generate a new enrollment key to install further agents on devices.
- Create New Policy Group: Select to open the Create Policy Group Details panel to set the properties for the group.
From a policy group ellipsis menu:
- Revoke: Select to cancel the agent and policy install by revoking the enrollment key assigned.
If there are devices in the policy group that have not had the agent installed, a new policy group must be created and the devices moved to it, to provide a new enrollment key for them.
- Remove Policy Group: Select to remove an empty policy group. This action is available only when all devices in the group have been uninstalled. A confirmation message displays for you to confirm the action. To learn more about removing devices go to the Remove Devices section.
- Retry Failed Deployments: Select to retry failed installation of the Ivanti Neurons agent which is being deployed via the policy group. See How to troubleshoot Deployment Issues for help on why deployment might have failed.
How to create and deploy a new policy
- Navigate to Admin > Agent Policy.
- Click Create New Policy Group to open the New Policy Group Details panel.
- Give the Policy Group a name and description.
- Select which Capabilities to enable in this policy group.
Take care when selecting the capabilities, refer to the detail in the Capabilities section.
- Select the credentials for the device that the policy group is to be deployed to.
If there are no credentials set up for the device, go to Admin > Credentials . - Select Next - Choose Devices to display the list of all devices.
- Select the devices the group policy is to apply to.
- Select Deploy Agents, a confirmation message appears, review the details and click Create Now.
When the deployments have been attempted a message appears detailing the number of successful installations and failed installations. You can retry failed deployments and download a report.
Policy groups are actioned sequentially, so if you create more than one policy group, the first group must complete deployment before the next policy group begins.