Flex Policies can be used to automate your workflows in Addigy by:
- Allowing devices to be enrolled into multiple policies
- Having devices auto-enroll into policies based on values of device facts
Here are just a few of the many use cases for Flex Policies to assist you in managing your devices in Addigy.
For more information on creating Flex Policies as well as how to enable Flex Policies for your Organization, please check out our KB articles.
Use Cases
Reports
By creating a Flex Rule that adds devices that have met a requirement, such as devices on the latest OS version, you can create a report for clients letting them know the state of their devices. To do this, create an Auto assignment Flex Rule that checks if the device's OS is equal to the latest OS version (this would need to be manually updated when a new version comes out). The devices that meet this requirement will automatically be added to the policy; you can then create a devices report, which can be scheduled to send the list of devices to your email as well as your clients.
Quarantining
When devices are in a state that requires them to be separated from other devices, such as devices compromised with malware, they can be grouped together to isolate and mass remediate them using scripts or custom software. A real-world use case for which this could've been leveraged was Silver Sparrow malware in 2021.
Paid Packages
Easily split up devices based on the support level the client is paying for. An example of this is patch management: add the policy id's of the companies that are paying for patch management to a policy using Auto Assignment that enforces system updates. In cases where plans are downgraded, simply remove the company from auto-assignment.
Scenarios
Needing to Exclude Items From Certain Organizations/Groups or Individual Machines
Scenario
The CEO is in an important meeting and can’t be interrupted, but you have a critical system update you need to get out now.
Solution
With Flex Policies, you can push software and system updates to everyone in the organization and exclude individual machines.
Separating devices into User Groups (i.e. by Department) using Addigy Identity
Scenario
All engineers need to have specific software added to their devices that should not be deployed to anyone outside the engineering department.
Solution
If you’re using Addigy Identity and Azure, you’re able to identify the department of a user when they sign into a machine and automatically assign them to a policy based on their department using User Attributes. This means that if a member of the marketing team logs into the computer, the machine will automatically receive the necessary marketing software. If a member of the engineering team logs into the computer, the machine will automatically receive the required engineering software.
Accomplishing Advanced Conditional Item Deployments
Scenario
A new version of a software was released but it does not work on Catalina devices.
Solution
Based on macOS Version (Major or Minor) and Processor Type (M1, M2, or Intel) you can split devices to only receive Updates, Scripts, Monitoring, Maintenance, and Software that specifically pertain to them. For example, you can use this to prevent software from updating to a version that is not compatible with the device's current macOS version.