Applying MDM to groups in Symantec Mobility: Suite
Last Updated November 09, 2015
Symantec Mobility: Suite lets you tailor MDM to meet the needs of your organizational groups. For instance, some groups may require no MDM while others may require strict MDM. You specify MDM activity in Device Policies.
When you create or edit a device policy, you select the groups to which the policy applies.
Only one device policy is allowed per group.
Considerations for group MDM
A device policy with MDM enabled lets you control how often the device is polled, whether to collect and display the location of the device, and whether to collect and display information about commercial apps. Some groups may require more frequent polling. Some groups may need to have location data available while other do not. Your particular security needs dictate which options are used and the values that are applied to the policy settings. A device policy can also control access to Exchange Active Sync through Symantec Work Mail. You set the access options for Work Mail in the device policy.
You can also enable or disable MDM profiles for iOS devices based on a device policy. On Android devices, you can enable or disable the device administrator.
Assigning an MDM-enabled device policy to an organizational group
Before you begin, this procedure assumes that you have already created groups or have mapped your organizational groups from an external identity provider (IDP).
When you create or open a policy for editing, your groups are listed as a roster at the top of the policy editor. Select the groups that the policy is targeted to and then save the policy. See Assigning Targets and Filters to device policies.
The group assignments are made immediately and targeted devices receive the updated policy at their next update interval.
Symantec Mobility: Suite manages apps using app policies. These policies control who can access an app, who must install it, what category it is associated with, and similar information.
Corporate versus personal mobile device management in Symantec Mobility: Suite
Symantec Mobility: Suite lets you take independent control of polices that are targeted to corporately owned mobile devices, and policies that are targeted to personal devices operating in your environment.
For instance, you may want your corporate devices to use MDM but not personal devices. To satisfy this scenario, you create an MDM-enabled device policy and assign it to your corporate devices. If you want to issue a non-MDM policy to the personal devices, create a non-MDM device policy and target it to only personal devices.
Assigning device policies by corporate or personal device ownership
In the Device Policy editor, under Targeted Devices, use the Filters drop-down menu to select the ownership assignment for the policy.