Policy Management
When you create a policy, you use a payload-based interface to configure settings for the policy and add tasks to it. For more information on the settings you can configure, see Policy Payload Reference.
After you create a policy, you can view the plan, status, and logs for the policy. You can also flush policy logs.
To run a policy on a computer, the Allow Jamf Pro to perform management tasks checkbox must be selected in the computer inventory information to enable the management account. For more information about the management account, see Computer Enrollment Methods.
Creating a Policy
The policy runs on computers in the scope the next time they check in with Jamf Pro and meet the criteria in the General payload.
Running a Policy
There are two ways to run a policy with a pre-defined trigger:
- Wait until the configured trigger event occurs.
- Manually trigger the policy using the jamf binary.
To manually trigger the policy using the jamf binary, execute the following command on managed computers:
sudo jamf policy -event <triggerName> -verbose
If the policy has a pre-defined trigger, replace <triggerName> with the appropriate value. The following is a list of pre-defined triggers:
- Startup: startup
- Login: login
- Logout: logout
- Network State Change: networkStateChange
- Enrollment Complete: enrollmentComplete
- Recurring Check-in: None (execute sudo jamf policy -verbose)
If the policy has a custom trigger, replace <triggerName> with the custom trigger name specified in the policy.
A policy with a custom trigger must be run manually using the jamf binary.
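The following wrapper is an added example, not part of the original documentation or Jamf's own tooling. It builds the command shown above for a pre-defined or custom trigger, handles the recurring check-in case (no -event argument), and rejects trigger names that could be read as options or shell syntax before anything runs under sudo. The function names, the "checkin" keyword, the RUN variable and the allowed character set are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Jamf's code). Builds the jamf command line for a trigger
# and only executes it when RUN=1; otherwise it prints the command (dry run).

# Pre-defined event names listed on this page.
PREDEFINED="startup login logout networkStateChange enrollmentComplete"

# build_policy_cmd <trigger>
#   "checkin" (keyword of this wrapper) -> recurring check-in, no -event
#   anything else -> pre-defined or custom trigger name passed to -event
# Prints the command on stdout; returns 2 when the name is rejected.
build_policy_cmd() {
    trigger=$1
    case $trigger in
        checkin)
            echo "jamf policy -verbose"; return 0 ;;
        ''|-*|*[!A-Za-z0-9_.-]*)
            # Assumption: custom trigger names follow a local convention of
            # letters, digits, '_', '.' and '-'; Jamf Pro may allow more.
            echo "rejected trigger name: $trigger" >&2; return 2 ;;
    esac
    echo "jamf policy -event $trigger -verbose"
}

# trigger_kind <trigger>: classifies a name as checkin, predefined or custom.
trigger_kind() {
    [ "$1" = checkin ] && { echo checkin; return; }
    for t in $PREDEFINED; do
        [ "$t" = "$1" ] && { echo predefined; return; }
    done
    echo custom
}

# run_policy <trigger>: dry run unless RUN=1 is set in the environment.
run_policy() {
    cmd=$(build_policy_cmd "$1") || return $?
    echo "[$(trigger_kind "$1")] sudo $cmd"
    # Word splitting of $cmd is intended; the name was validated above.
    if [ "${RUN:-0}" = 1 ]; then sudo $cmd; fi
}
```

Calling run_policy login prints the command without running it; setting RUN=1 on a managed computer executes it.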
Viewing the Plan for a Policy
The plan for a policy includes the following information:
An indicator that shows whether the policy is enabled
The execution frequency
The triggers
The scope
The site that the policy belongs to
A list of actions for the policy
- In Jamf Pro, click Computers at the top of the sidebar.
- Click Policies in the sidebar.
- In the list of policies and their plans, click Expand for a policy to view its actions.
Viewing the Status of a Policy
For each policy, you can view a pie chart that shows the number of computers on which the policy has completed, has failed, or is still remaining.
- In Jamf Pro, click Computers at the top of the sidebar.
- Click Policies in the sidebar.
- Click Grid View at the top of the list.
Viewing and Flushing Logs for a Policy
The logs for a policy include a list of computers that have run the policy and the following information for each computer:
- The date/time that the policy ran on the computer
- The status
- The actions logged
Adding a Policy to the Jamf Pro Dashboard
Adding a policy to the Jamf Pro Dashboard helps you monitor its status and progress. For example, you can determine which computers have received software, which have pending installations, and if any policies have failed to deploy and require troubleshooting.
If you configure a policy to assist with the deployment of a security stack (e.g., an antivirus suite or Jamf Protect) to computers, you can track its deployment progress by adding the policy to the Jamf Pro Dashboard. This allows you to view all completed, pending, retrying, and failed deployment attempts for the policy.
Monitor the progress of computers that have been scoped to the policy in both the circular percentage graph and the status categories. Then, use this information to troubleshoot any computers that have Failed, Pending, or Retrying statuses by clicking the status links and reviewing the computers presented.