Flex Policies can be used to automate your workflows in Addigy by:
- Allowing devices to be enrolled into multiple policies
- Having devices auto-enroll into policies based on values of device facts
Here are just a few of the many use cases for Flex Policies to assist you in managing your devices in Addigy.
For more information on creating Flex Policies as well as how to enable Flex Policies for your Organization, please check out our KB articles.
Use Cases
Reports
By creating an auto-assignment rule that adds devices that have met a requirement, such as devices on the latest OS version, you can create a report for clients letting them know the state of their devices. To do this, create an auto-assignment rule that checks if the device's OS is equal to the latest OS version (this would need to be manually updated when a new version comes out). The devices that meet this requirement will automatically be added to the policy; you can then create a devices report, which can be scheduled to send the list of devices to your email as well as your clients.
Quarantining
When devices are in a state that requires them to be separated from other devices, such as devices compromised with malware, they can be grouped to isolate and mass remediate them using scripts or custom software. A real-world use case for which this could've been leveraged was Silver Sparrow malware in 2021.
Paid Packages
Easily split up devices based on the support level the client is paying for. An example of this is patch management: add the policy IDs of the companies that are paying for patch management to a policy using Auto Assignment that enforces system updates. In cases where plans are downgraded, simply remove the company from auto-assignment.
Scenarios
Needing to Exclude Items From Certain Organizations/Groups or Individual Machines
Scenario
The CEO is in an important meeting and can’t be interrupted, but you have a critical system update you need to get out now.
Solution
With Flex Policies, you can push software and system updates to everyone in the organization and exclude individual machines.
Simply use the "Serial Number" device fact as well as the "!=" (does not equal) operator to exclude a device from this Flex Policy. To get more granular, you can even specify a specific policy to only assign devices to this Flex Policy, like so:
Note: you can retrieve the policy ID of a policy by going to Policies > (your policy) > Overview
Separating devices into User Groups (i.e. by Department) using Addigy Identity
Scenario
All engineers need to have specific software added to their devices that should not be deployed to anyone outside the engineering department.
Solution
If you’re using Addigy Identity and Azure, you’re able to identify the department of a user when they sign into a machine and automatically assign them to a policy based on their department using User Attributes. This means that if a member of the marketing team logs into the computer, the machine will automatically receive the necessary marketing software. If a member of the engineering team logs into the computer, the machine will automatically receive the required engineering software.
Here is an example where only users tagged with "Engineering" as their department in Azure will be assigned to the policy:
Accomplishing Advanced Conditional Item Deployments
Scenario 1
A new version of a software item was released but it does not work on devices with a Silicon chip.
Solution
You can split devices to only receive various policy items that specifically pertain to them based on various facts, such as OS Version, Processor Type, and more.
The following example will only assign devices that have an Apple Silicon chip:
Note: you can also use the Processor Type device fact to get more granular information, such as Apple M1, Apple M2 Pro, etc...
Scenario 2
You as the admin would like to only deploy only the latest updates relating to each device's major version. For example, all devices on Ventura should receive the latest Ventura updates and no upgrades for later major macOS versions.
Solution
Addigy has the "OS Version" device fact that can help retrieve the specific OS version of a device. With this, you can use a set of operators to ensure that only devices within a certain OS range will be assigned.
The following example will only assign devices that are on Ventura.
Note: this can be repurposed for any OS version. For example, if you want to do this but only for Sonoma devices, you can do "14.*".
Scenario 3
There are some devices that support a maximum of Monterey and you are trying to upgrade your fleet of devices to Sonoma using Addigy's Public Software macOS Installer. However, this will prompt devices that do not support the deployed OS version, which you want to avoid.
Solution
There are multiple device facts within the Addigy > Community > Device Facts section that can help determine OS support. With these, you can set a simple true or false rule with auto-assignments.
The below example will assign devices that support Sonoma.
Note: the following links are to a few of our device facts that handle this. Do note that you must be logged into the Addigy platform in order to view these.
macOS Sonoma Support
macOS Ventura Support
macOS Monterey Support