Managing policies

SECURITY  Permission to manage policies at account and/or site level

NAVIGATION  Account > Policies

NAVIGATION  Sites > select a site > Policies

NAVIGATION  Sites > select a site > Devices > select a device > Policies

About

Policies can be created at the account and site level.

  • Account policies are visible at both the account and site level, and can be enabled or disabled for a specific site.
  • Policies created at the site level will only be visible on that site's Policies page. Site policies do not replace account polices but work in conjunction with them.
  • At the device level, those account and site policies are displayed that target that specific device.

For an introduction to policies, refer to About policies.

To learn about policies in the New UI, refer to Policies - New UI.

How to...

  1. At the account level, navigate to Account > Policies > New account policy.
    At the site level, navigate to Sites > select a site > Policies > New site policy.

  2. Specify the policy details that differ for each policy type. For more details, see Types of policies below.
Policy Type Description
Agent An Agent policy deploys settings to affect the operation and configuration of the Datto RMM Agent.
Refer to Create an Agent policy.
ESXi An ESXi policy allows the user to monitor the performance, datastore, temperature and hardware of ESXi host devices and their guest machines.
Refer to Create an ESXi policy.
Monitoring Maintenance Window A Monitoring Maintenance Window policy allows you to suspend monitoring while doing scheduled maintenance work on your devices.
Refer to Create a Monitoring Maintenance Window policy.
Mobile Device Management A Mobile Device Management policy manages restrictions and settings for enrolled mobile devices.
Refer to Create a Mobile Device Management policy.

IMPORTANT  The Mobile Device Management (MDM) feature is no longer available for new implementations. MDM-related documentation in the Datto RMM Help only applies to partners who are already using this feature; however, Datto no longer offers support for issues with MDM. Please note that if the Mobile Device Management component is deleted from your Component Library, you will not be able to download it from the ComStore again. For further information regarding this change, please refer to this Community post.
Monitoring A Monitoring policy allows the user to configure monitors to run on the devices targeted with the policy.
Refer to Create a Monitoring policy.
Patch Management A Patch Management policy allows you to automate the deployment of software patches to the devices you manage.
Refer to Create a Patch Management policy.
Power A Power policy allows you to configure the Windows Control Panel > Power Options on the devices that are targeted with this policy.
Refer to Create a Power policy.
Security Management A Security Management policy allows you to push out Kaspersky or Webroot to your endpoints and raise alerts and tickets as per the criteria set in the monitor details. This type of policy is only available if the Kaspersky Endpoint Security Integration or the Webroot Endpoint Security Integration is enabled for the account.
Refer to Create a Security Management policy.
Software Management A Software Management policy allows you to configure third-party software application updates and define when those updates should be installed.
Refer to Create a Software Management policy.
Windows Update A Windows Update policy allows you to control the features of the automatic update settings of Windows Update.
Refer to Create a Windows Update policy.
iOS App Management An iOS App Management policy targets your iOS devices with a list of applications that you previously added to your Component Library from the iOS App Store.
iOS App Management policies can be created and managed by navigating to Account > Manage > iOS App Management or Sites > select a site > Manage > iOS App Management.
Refer to Create an iOS App Management policy.
Printer Policy Refer to Printer Monitor.

Policies are managed on the Account > Policies, Site > Policies, and Device > Policies tabs. At the site and device level, both account policies and site policies that target the selected site/device are displayed.

iOS App Management policies can be created and managed by navigating to Account > Manage > iOS App Management or Sites > select a site > Manage > iOS App Management. Refer to Create an iOS App Management policy.

The following information is available:

Field Description
Type of policy At the account level, you will see only account policies. At the site and device level, both account and site policies are displayed and grouped separately.
Override active icon This icon only appears if the policy in question is an account-level patch management policy AND it is overridden at the site level. At the same time, an Edit Override button becomes available for the policy. Refer to Override account-level patch policy options at the site level.
Name The name of the policy. Click on the name to edit the policy. For field descriptions of the various policy types, refer to Create a policy.
Targets Each policy can have one or many targets, which in turn can consist of one or many device filters, device groups, and site groups.

NOTE  Multiple targets are connected by an OR operator. For example, if one target is "Site Group A" and another target is "All Laptops", then all devices in Site Group A and all laptops of the account will be included (not just the laptops belonging to Site Group A).
Type Indicates the type of policy. Refer to Types of policies.
Override / Edit Override The Override button only appears if the policy in question is an account-level patch management policy that is not overridden at the site level.
The Edit Override button only appears if the policy in question is an account-level patch management policy that is overridden at the site level. At the same time, an Override active icon will be visible in front of the policy.
Refer to Override account-level patch policy options at the site level.
Push changes... Click Push changes... to immediately push any policy changes to all devices targeted by the policy. The target icon changes color when changes are being pushed.

NOTE  If you click Save Only (current UI) or Save and Deploy Later (New UI) instead of Save and Push Changes (current UI) or Save and Deploy Now (New UI) when creating or updating a policy, the changes will still be deployed at midnight in your timezone because policies are automatically deployed every 24 hours.
Target icon Clicking on this icon will open a pop-up window to show included and excluded sites and/or devices targeted by the policy. In the case of patch management policies, the Override active icon will be displayed in front of sites that override the account-level policy options.
In the case of account-level policies, you can filter by Site Exclusions and Site Manually Enabled (for patch management policies these options change to All Sites, Included Sites, and Excluded Sites), and you can also filter by All Devices, Included Devices, and Excluded Devices in the case of both account-level and site-level policies. You can turn the policy on or off for your sites and devices by toggling the Enabled button to ON or OFF, and you can push the changes by clicking on the Push changes... button. The target icon changes color when changes are being pushed.
Enabled / Enabled for this site / Enabled for this device A toggle to turn the policy ON or OFF at the account, site, or device level.
Only displayed at the device level when the device has been excluded from the policy in question at the site level.
Remove Policy Only available at the account and site level. Hover over a row and click this icon to delete the policy.
New account policy... / New site policy... Click to create a new policy at the account or site level. Refer to Create a policy.
Import Policy Refer to Import a Monitoring policy.
Clear All Alerts / Clear All Site Alerts / Clear All Device Alerts Click to resolve all alerts at the account, site, or device level. This will not send an email or update tickets. If you require email notifications or tickets to be updated, you should resolve the alerts individually. Devices with monitors in alert status will re-trigger within 24 hours. Refer to Manage alerts.

To learn how policy memberships get recalculated, refer to Policy membership recalculation.