Page History

...

There is no limit to the number of exclusions requested per computer, but a consultant should only submit one request per computer. Additional exclusions requested should go on the original Jira ticket. This is to ensure we track one Jira ticket per computer.

Step-by-Step Guide

To request a Device Management Exclusion, follow these steps:

...

1. The device serial number or service tag.
2. The building and room number where the device is located
3. Your preferred contact number
4. A written justification that should document the use case of the device as well as the need for the exclusion as it pertains to University academic and/or business processes.

...

IT Agent Process for Requesting the Exclusion?

1. First, when an IT Agent receives a Computer Support Request for an exclusion from the user:
   1. They should follow up with the user to make sure there is no other way to resolve their issue without the need for the exclusion.
2. If still needed, the agent can start the internal process using the Management Policy Exclusion request listed below
   1. Visit https://tech.appstate.edu and submit a Management Policy Exclusion Request:
      1. Summary Field
         1. Provide the specific management policy that needs to be excluded. Here are some examples:
            1. Patching
               1. Application Patching (i.e. Google Chrome Updates)
               2. Minor OS Updates (i.e. security updates with or without reboots)
               3. Major OS Upgrades (i.e. Reminders to upgrade to latest OS)
            2. Settings
               1. Auto Logout or Lock Settings
               2. Account Deletion
                  1. Local Account Deletion
                  2. AD Account Deletion
               3. Energy settings
               4. Etc.
      2. Justification Field - use the justification/use case provided by the user
      3. Responsible Party
         1. This is the specific end user that has requested the exclusion and will be responsible for approving the exclusion each year.

• ***NOTE: the responsible party will be responsible for maintaining the machine in a secure, patched, and supportable state once a management policy exclusion has been applied.

1. Technical Implementation
   1. Not all exclusion requests may be technically possible from SCCM or Jamf Pro.
   2. Some software is not eligible for exclusions:
   1. Malware Protection: Cisco AMP
   2. Intrusion Prevention & Detection: Cisco AMP
   3. Centralized Logging: ELK
   4. Emergency Desktop Notifications: Alertus Desktop
1. If the request is approved Systems will add the device to the available technical implementation for exclusions. 
2. ***NOTE: 
2. Auditing Exclusions
1. After 365 days, the SLA timer expires and a linked request gets created for the DSS consultant to review
2. The consultant needs to reach back out to the responsible party to confirm the exclusion is still needed for another year
3. Document the response in the ticket and close it (the associated Systems agent should be included on the linked ticket and will get the notification.  If not, @mention the associated Systems agent in the ticket).
4. Systems agent then handles the refresh of the Exclusion ticket by restarting the approval process for another year

Insert risk/responsibility verbiage here.

...

Related Articles

...