Electric IT Hub | Jumpcloud MDM: Default Policies

Getting Started

Electric has a set of default security policies that we automatically configure for every organization. The policies are defined by our internal experts to keep devices on both Windows and MacOS supported with core security policies.

For more information on our MDM, please refer to this article: https://support.electric.ai/electricithub/electric-it-hub-value-of-mdm

NOTE: Electric has the option to add an additional MDM Policy for USB restrictions.

Please reach out to product support to activate this on an on demand basis: product-support@electric.ai

MacOS Policies

Policy Name	Description	Behavior	Activation
FileVault 2	Enables and enforce FileVault.	Encrypts the entire startup drive Once the policy is successfully enabled for the system, a Recovery Key will be displayed for that respective System under System Details.	A user will need to log out and log back in for the policy to take effect. Removing this policy will not disable FileVault 2 once enabled.
Gatekeeper	Allow Apps from App Store and Identified Developers	When this policy is applied it will affect which applications are allowed to install and run based on the selected options.	N/A
Local Firewall Controls	Manages the local host firewall settings.	Enables Firewall to protect all network connections	The user will need to log out and log back in for the policy to take effect.
Lock Screen Policy	The user's screen saver will lock after the amount of seconds specified.	The user's screen saver will lock after 15 minutes. A password will be required to unlock the screen saver.	Takes effect immediately on MDM install
Software Update Settings	Controls how and when automatic software updates are installed on user macOS devices for App Store updates, macOS version updates, critical updates, and pre-releases. This policy does not control major macOS upgrades.	Determines if automatic updates are installed on user devices, and if user will see prompts for the software updates where needed.	User must restart the device before this policy can take effect.
Password Settings	Establishes the password policy for a secure device password	User must adhere the following: Minimum of 10 characters Must include at least one uppercase letter Must include at least one number Must include at least one special character Cannot be a commonly used password Cannot include the username	Takes effect immediately but will not be enforced until next password change or new user creation.

Windows Policies

Some policies have limited functionality on Windows Home.

Microsoft restricts management features to specific Windows editions (Pro, Enterprise, Education). Windows Home lacks some infrastructure that MDM relies on to apply policies and take actions. This could be: Windows Management Instrumentation (WMI) providers for device configuration, group policy support for centralized management, and enterprise-grade security policies and certificate management.

Policy Name	Description	Behavior	Activation
BitLocker Full Disk Encryption Policy	Enable and enforce BitLocker. If BitLocker is already enabled on the target system, it must have a single BitLocker numerical password set.	Encrypts the entire startup drive Once the policy is applied to a system, a Recovery Key will be displayed for that respective System under System Details. The drive is not fully encrypted until the policy result shows that it was applied successfully. Removing this policy will not disable BitLocker or remove key protectors once enabled.	The policy will take effect on the next reboot. This policy works on Windows 10 Pro/Enterprise/Education and Windows 11 Pro/Enterprise/Education (must have TPM 2.0).
Configure Windows Updates Policy	This policy manages the system update behavior.	These settings will control when and how updates and upgrades are downloaded and installed.	The system must be rebooted for the policy to take effect.
Lock Screen Policy	When a managed system is inactive for the length of time specified in the policy's configuration, the screen saver will activate and lock the machine. A password will be required to unlock the machine.	The user's screen saver will lock after 15 minutes. A password will be required to unlock the screen saver.	The user will need to log out and log back in for the policy to take effect. For Windows 10 and 11, expect a 5-minute delay after each new login before the specified timeout settings will take effect.
Windows Firewall Policy	Controls the behavior of Windows Firewall in Windows.	Enables Windows Firewall to protect all network connections	The policy will take effect on the next boot.
Password Settings	Establishes the password policy for a secure device password	User must adhere the following: Minimum of 10 characters Must include at least one uppercase letter Must include at least one number Must include at least one special character Cannot be a commonly used password Cannot include the username	Takes effect immediately but will not be enforced until next password change or new user creation