
Windows MDM CSP Policies

HariDeepak
JumpCloud Employee

We are very excited to announce General Availability (GA) of Windows MDM policies!

JumpCloud Windows policy management now includes MDM policies as well. The policies are built on the CSP framework to securely manage Windows 10/11 devices. The framework brings reliability, stability and security as a package for JumpCloud Windows Policy Management, and therefore the devices are more likely to be in compliance with the set policies. All that an IT administrator has to do is configure Windows MDM policies and assign them to devices or device groups alongside group policies. In this phase, we are introducing the following new Windows policies:

Prerequisite: The device must be enrolled in JumpCloud MDM. The supported editions are Pro, Enterprise, Education, Windows SE and IoT Enterprise/IoT Enterprise LTSC.

  1. Wi-Fi Configuration - Whitelist a Wi-Fi network for secure connection on a Windows device
  2. VPN - Secured access to work apps and resources through VPN profile enforcement
  3. Install Certificate - Manage Trusted Root certificates
  4. Bluetooth Configuration - Manage Bluetooth advertising, discovery mode, pre-pairing
  5. Control Policy Conflict - Determines which of LGPO and MDM wins when both set the same policy. The default setting is MDM.

Key Benefits

  • Security
    • The framework offers more reliability as the policies are well defined to manage devices. Therefore, the devices are said to be in 100% compliance with the set policy.
  • Scalability and Performance
    • No system boot-up or login procedures are needed for MDM policies to take effect on the device. As long as the device is successfully enrolled in MDM and active, the device applies the policies with the set values.
  • Policy overlapping and conflict
    • The CSP framework does not overlap or create unintended outcomes, as each CSP has its desired configuration key and value. The CSP framework offers finer-grained configuration capabilities, empowering better security and deeper platform-level monitoring.
  • Added advantage
    • The framework facilitates both device-based and user-based configuration settings.
      • Policies configured at the device level will take effect regardless of who is logged in to the machine.
      • Policies configured at the user level will take effect only for the specific user.
    • While our current focus is on device-level policies and on building policies at a rapid pace, we have user-level policies under consideration for the future.

How to configure MDM policies

  1. On the admin console, navigate to Device Management > Policy Management.
  2. Click on the “+” button.
  3. In the Windows policy tab, search for the policy names (as mentioned above).
  4. Click on the “Configure” button to navigate to policy settings.
  5. Configure the policy as per business requirements, assign it to Device Groups or a Device, and click “Save”.
  6. Make sure the device is Active to receive the policy and apply the settings.
  7. View the policy status in the Policy Results tab. 

Admin Flow

Search for the policy

Configure policy and assign

View the policy in list

Review the status of policy

Detailed view of policy status

Applied policy view on device

For the end user, there are no steps involved for the policy to be activated. However, an admin or user can confirm it by looking at the applied policies list in Access Work or School.


Learn more from the following resources:

  1. IT Hour - The IT Hour | Windows MDM CSP Policies 07.26.24
  2. JumpCloud University Course - Enforcing Policies
  3. Help center article - https://jumpcloud.com/support/windows-mdm-policy-management-with-csps
