Adaptive settings

Adaptive settings allow agent settings to dynamically change on a device based on location (geofencing) or IP address. This is mainly oriented towards mobile devices and laptops. For example, you could have one set of agent settings while a device is connected to the corporate network, but when the device connects to an external network, the agent settings could be more restrictive.

IP address adaptive settings work with Windows devices. Geofencing uses the Windows 8 and newer location API and only works with devices running Windows 8 and newer.

Enabling adaptive settings will cause .NET4 to be installed with the agent.

Creating adaptive settings

An adaptive setting has three parts:

  1. Trigger: The geofence coordinates and range, or the starting and ending IP address range.
  2. Rule: The combination of a trigger and the agent setting overrides that trigger activates.
  3. Adaptive setting: The list of rules you want monitored, ordered by priority. This is what you deploy to devices in an agent configuration.

Follow these steps to get started with adaptive settings.

  1. Create a trigger
  2. Create a rule
  3. Create an adaptive setting
  4. In an agent configuration, enable adaptive settings and select an adaptive setting
  5. Deploy the agent configuration you modified

Change settings tasks can't be used for the initial deployment of adaptive settings. You must first deploy adaptive settings with an agent configuration. If you later want to change the adaptive setting a device's agent configuration references, you can then use a change settings task.

Adaptive settings take advantage of Ivanti agent behavior technology. Once you deploy an adaptive setting to a device, any subsequent changes to the adaptive setting those devices are using will be automatically distributed to affected devices. You don't need to schedule an additional agent deployment or a change settings task to update a deployed adaptive setting.

Adaptive setting triggers

There are two adaptive setting trigger types:

  • Geofence (requires Windows 8 and newer and a device with a GPS)

  • IP address range (works with any Windows device)

For geofencing, the target radius circle defaults to 10 meters. Increase the Radius if you want it to include a corporate campus, city, and so on.

The geofencing minimum device accuracy determines how accurate the GPS reading must be for the trigger to activate. If the GPS-reported accuracy exceeds the value you specify, the trigger won't activate.

The IP address range Verify core existence on the network option can help prevent network spoofing by making sure the Ivanti® Endpoint Manager core server is visible to the device. Don't use this option with IP address ranges that won't have access the core server.

To configure a geofence adaptive setting trigger
  1. Click Tools > Configuration > Agent settings.
  2. In the Agent settings window toolbar, click the Configure settings button () and click Edit adaptive settings rules.
  3. Click New.
  4. Click New beside the Select trigger list.
  5. Enter a Trigger name.
  6. Select the Geofence trigger type.
  7. Click and drag the map so the red cross-hair is over the location you want to geofence. Use the scroll bars to zoom in and out.
  8. Adjust the Radius and Minimum device accuracy. The circle around the red cross-hair indicates the covered area.
  9. Click Save.

Adaptive settings rules

An adaptive settings rule associates a trigger with one or more agent settings to override when the trigger activates, along with additional one-time actions, such as locking the screen.

To create an adaptive setting rule
  1. Click Tools > Configuration > Agent settings.
  2. In the Agent settings window toolbar, click the Configure settings button () and click Edit adaptive settings rules.
  3. Click New.
  4. Enter a Rule name.
  5. Select an existing trigger or click New and configure a new trigger. For more information, see the next section.
  6. In the settings list, select the agent setting you want to use for each type.
  7. Select any one-time actions that you want run for this rule. For more information, see Adaptive settings one time actions.
  8. Click Save.

Creating an adaptive setting

An adaptive setting is a list of one or more adaptive settings rules ordered by priority. In the adaptive settings agent configuration, you can select multiple rules from a list of available rules. The agent on the managed device will check the triggers for each rule in the selected rules list, starting at the top. The first rule the agent encounters with a matching trigger will be applied and rule processing stops. Only one rule can be active at a time. If no rules are triggered, the default settings specified in the agent configuration page will be applied.

In an adaptive setting you can set the Check GPS location every interval. The default is two minutes. Frequent checks will reduce device battery life.

To create an adaptive setting
  1. Click Tools > Configuration > Agent settings.
  2. In the Agent settings tree, right-click Adaptive settings and click New.
  3. In the Adaptive settings dialog box, move the rules you want applied from the Available rules list to the Selected rules list. Click Move up and Move down to change the order if necessary.
  4. If no rules apply, you can use the default agent configuration settings (in other words, don't change anything), or you can specify a specific rule to apply.
  5. If you want, select Lock windows session if location services are disabled. This locks the device if someone turns on airplane mode, for example.
  6. Click Save.

Adaptive settings one time actions

Adaptive settings rules can have one-time actions that execute when the rule activates. For example, you could use the Lock windows session action when the device leaves your office building.

You can choose from the following one time actions:

  • Apply HP's recommended locked-down security BIOS settings: This only works on HP devices. You'll need to provide the BIOS password.
  • Lock Windows session: Locks the session so the user has to log back in. This can help prevent unauthorized access when the device leaves a secure area.
  • Run security scan: Runs the security scan that you select.

Applying adaptive settings to agent configurations

Once you have configured an adaptive setting you need to create or modify an agent configuration to use adaptive settings.

To enable adaptive settings:
  1. Click Tools > Configuration > Agent Configuration.
  2. Edit or create a new Windows agent configuration.
  3. In the list on the left, click Adaptive settings.
  4. Select Apply adaptive settings to this configuration. Note that this will cause .NET to be installed on the device.
  5. Select an adaptive setting to be deployed with this agent configuration.
  6. Click Save.
  7. Deploy the agent configuration.