Phase 1: Prepare Your Infrastructure

Where you are in the process:

  1. Prepare your infrastructure
  2. Plan your policies
  3. Enforce your policies
  4. Daily operations

Before you can enforce Device Control policies in your organization, you have to get Device Control up and running.

During this phase, you will:

  1. Install the Server Module
    First things first: install the Device Control server module on the Endpoint Security platform.
  2. Configure the Device Control Reboot Behavior Option
    When you install the Device Control module on your endpoints, they require a reboot to complete installation. This reboot can disrupt your employees' work. However, the Endpoint Security Agent Policy Set feature includes options for handling this reboot with minimal effect on your users. Choose an option before installing the endpoint module.
  3. Enable Audit Mode
    Next, enable Audit mode, a setting within the Global Device Policy. This mode does two things:
    • It logs all devices that users connect to their endpoints, which is helpful information while planning your Device Control Policies.
    • It turns off policy enforcement. Since you still need to plan your policies, policy enforcement is not appropriate at this time.
  4. Install the Endpoint Module
    Use the Endpoint Security Console to install the Device Control module on your endpoints.
  5. Synchronize With Active Directory
    Device Control assigns Device Control Policies using user and endpoint data from your Active Directory. Synchronize your Endpoint Security Server with your Active Directory so that Device Control can use these objects to assign policies.
  6. Configure Options
    Configure the Device Control default options. These options include some settings that apply globally to your Device Control installation. You should configure these options as early as possible.