Managing devices using policies

In Trust Protection Platform, a folder is a policy. Folders let administrators define global configuration parameters for assets associated with a policy, including CA template, device, and application objects.

When an object is defined under a folder (policy), that object is then associated with the folder and is subject to that folder’s settings. Trust Protection Platform reads values for the folder’s subordinate objects. For example, if you configured the Device Host Information settings in a folder object, Trust Protection Platform would read those values for the policy’s subordinate device objects. Thus, policies can be used to standardize object configuration parameters and enforce security requirements.

Thus, policies can be used to standardize object configuration parameters and enforce security requirements.

For more detailed information on how folders work, see Using policies to manage encryption assets.

BEST PRACTICE  Consider managing object settings using a policy. For more information, see Managing devices using policies.

NOTE  You must have write permissions on the policy object where you want to configure the device object settings.

  1. From the TLS Protect menu bar, click Policy Tree.
  2. In the Policy tree, select the policy object where you want to configure device object settings, and then click the Devices > Device tabs.
  3. The Detail View displays the Policy object’s associated settings.

  4. In the Detail View, define the settings you want to apply to the policy’s subordinate Device objects.

    For details on each setting, refer to Device object settings (agent, agentless, and adaptable provisioning).

  5. Lock or unlock the value.

    When you define an attribute within a Policy object, you can lock or unlock the value. By default, policy values are unlocked . Locked attributes cannot be modified in objects contained by that policy, including sub-policies. Unlocked attributes function as suggested values; they can be accepted or overwritten in the subordinate object configuration.

  1. Click the attribute’s drop-down menu .

    The menu shows the available options for the current attribute.

  2. Click Lock this value.

    The attribute’s icon changes to indicate the current value is in a locked state .