Configuring policies

Policy-based management requires a supported distribution package type for any policy you create. You can either create the packages ahead of time or you can create the packages while creating the policy. We recommend that you create the packages ahead of time to test them and ensure that they work before using them in a policy.

Normal distributions and policies can use the same distribution package. The difference is in the deployment, not the package creation. There are two delivery methods that support policy based distribution:

  • Policy delivery methods: The policy-only distribution model. Only devices meeting the policy criteria receive the package.
  • Policy-supported push delivery methods: The combined push distribution and policy model. First, software distribution attempts to install the package on all devices in the target list. This way, you can do an initial deployment using Targeted Multicast. Second, any devices that didn't get the package or that later become part of the target list (in the case of a dynamic target list) receive the package when the policy-based management agent on the device requests it.

The main difference between standard delivery methods and the policy-based delivery method is that the policy-based Delivery methods dialog box has a Job type and frequency page.

The job type and frequency options affect how target devices act when they receive the policy:

  • Required: The policy-based management agent automatically applies required policies without user intervention. You can configure required policies to run silently. Any UI that appears on the device while a required task is installing should be non-blocking; in other words, the application being installed shouldn't require user input.
  • Recommended: Users have the choice of when to install recommended policies. Recommended policies are selected by default on the device UI.
  • Optional: Users have the choice of when to install optional policies. Optional policies aren't selected by default on the device UI.

You can also configure how frequently a policy can run:

  • Run once: Once a policy successfully runs on a device, the device won't run that policy again.
  • Periodic: When a recommended or optional policy is specified as being periodic, it will be removed from the UI when it's successfully processed and will be shown again in the UI after the specified interval has elapsed.
  • As desired: Can be installed by users at any time.