Scope

Scope gives you granular control over which computers, mobile devices, and users receive remote management tasks. For example, you can use scope to ensure that a policy to install desktop publishing software only runs on computers in the Design department, or that an eBook is only distributed to students in a particular class.

Scope can be based on the following items:

  • Individual computers, mobile devices, or users

  • Computer, mobile device, or user groups

  • Departments

  • Buildings

  • LDAP or local users

  • LDAP user groups

  • Network segments

  • Classes

  • iBeacon regions

The items available vary depending on the remote management task you are configuring the scope for. For example, only eBook scope can be based on classes.

Note: Scope cannot be based on personally owned mobile devices.

Configuring Scope

For most remote management tasks, configuring the scope involves adding targets, limitations, and exclusions. (The process varies depending on the remote management task you are configuring the scope for.)

Adding Targets

Targets make up the initial pool of computers, mobile devices, or users that receive the remote management task. You can add all computers, mobile devices, or users, or you can add a combination of specific items (e.g., computers, groups, buildings).

  1. On the Targets pane, use the pop-up menu(s) to choose items to add to the scope.
    Note: All computers, mobile devices, and/or users selected from the pop-up menus will be added to the scope. One pop-up menu selection does not override another. For example, selecting "All Mobile Devices" and "Specific Users" as targets to the scope of an eBook will cause the eBook to be distributed to all mobile devices, as well as any computers or mobile devices that the chosen user or users are assigned to.

    images/download/thumbnails/15181997/Scope_Target_1.png
  2. If you chose to add specific items:

    1. Click Add images/download/thumbnails/15181997/New_icon.png .

    2. On each tab, click Add for the items you want to add.

      images/download/attachments/15181997/Scope_Target_2.png

    3. Click Done.

      images/download/attachments/15181997/Scope_Target_3.png

      The items you added are displayed in a list on the Targets pane.

Adding Limitations

Adding limitations to the scope of a remote management task allows you to do the following:

  • Limit the task to specific users in the target. For example, if you want a certain application to open at login for specific users regardless of the computer they use, you can use all computers as the target and add specific users as limitations.

  • Limit the task to specific network segments in the target. For example, if you want each computer in a department to install a package but only while on the company’s production network, you can use the department as the target and add a specific network segment as a limitation.

  • Limit policies and configuration profiles to devices in the target when the devices are in a specific iBeacon region. For example, if you want to install a configuration profile on mobile devices when they are in a specific iBeacon region, you can add the iBeacon region as a limitation.

  1. On the Limitations pane, click Add images/download/thumbnails/15181997/New_icon.png .

    images/download/thumbnails/15181997/Scope_Limitations_1.png
  2. On each tab, add items as needed.
    To add a network segment, click the Network Segments tab and then click Add for the network segment.
    images/download/thumbnails/15181997/Scope_Limitations_2.png

    To add an LDAP or local user, click the LDAP/Local Users tab. Then enter the username in the search field and click Add.

    images/download/attachments/15181997/Scope_Limitations_3.png

    To add an LDAP user group, click the LDAP User Groups tab, enter the name of the group in the search field, and click Search. Then click Add for the group you want to add.

    images/download/attachments/15181997/Scope_Limitations_4.png

  3. Click Done.
    The items you added are displayed in a list on the Limitations pane.

Adding Exclusions

Adding exclusions to the scope of a remote management task allows you to exclude specific computers or mobile devices, groups, buildings, departments, users, user groups, or network segments. For example, if you want to restrict an application for everyone except the head of the department, you can add them as an exclusion.

You can also add iBeacon regions as exclusions to the scope of policies and configuration profiles. For example, if you want to prevent a mobile device from having a configuration profile installed when it is in a specific iBeacon region, you can add the iBeacon region as an exclusion.

  1. On the exclusions pane, click Add images/download/thumbnails/15181997/New_icon.png .

    images/download/thumbnails/15181997/Scope_Exclusions_1.png
  2. On each tab, add items as needed.
    To add an LDAP or local user, click the LDAP/Local Users tab. Then enter the username in the search field and click Add.

    images/download/attachments/15181997/Scope_Exclusions-2.png

    To add an LDAP user group, click the LDAP User Groups tab, enter the name of the group in the search field, and click Search. Then click Add for the group you want to add.

    images/download/attachments/15181997/Scope_Exclusions-3.png

    To add another type of item, click the appropriate tab and then click Add for the item you want to add.

  3. Click Done.
    The items you added are displayed in a list on the Exclusions pane.

Copyright | Privacy | Terms of Use | Security
© copyright 2002-2017 Jamf. All rights reserved.