...
There is no limit to the number of exclusions requested per computer, but a consultant should only submit one request per computer. Additional exclusions requested should go on the original Jira ticket. This is to ensure we track one Jira ticket per computer.
Step-by-Step Guide
To request a Device Management Exclusion, follow these steps:
...
- The device serial number or service tag.
- The building and room number where the device is located
- Your preferred contact number
- A written justification that should document the use case of the device as well as the need for the exclusion as it pertains to University academic and/or business processes.
...
IT Agent Process for Requesting the Exclusion?
- First, when an IT Agent receives a Computer Support Request for an exclusion from the user:
- They should follow up with the user to make sure there is no other way to resolve their issue without the need for the exclusion.
- If still needed, the agent can start the internal process using the Management Policy Exclusion request listed below
- Visit https://tech.appstate.edu and submit a Management Policy Exclusion Request:
- Summary Field
- Provide the specific management policy that needs to be excluded. Here are some examples:
- Patching
- Application Patching (i.e. Google Chrome Updates)
- Minor OS Updates (i.e. security updates with or without reboots)
- Major OS Upgrades (i.e. Reminders to upgrade to latest OS)
- Settings
- Auto Logout or Lock Settings
- Account Deletion
- Local Account Deletion
- AD Account Deletion
- Energy settings
- Etc.
- Patching
- Provide the specific management policy that needs to be excluded. Here are some examples:
- Justification Field - use the justification/use case provided by the user
- Responsible Party
- This is the specific end user that has requested the exclusion and will be responsible for approving the exclusion each year.
- Summary Field
- Visit https://tech.appstate.edu and submit a Management Policy Exclusion Request:
- ***NOTE: the responsible party will be responsible for maintaining the machine in a secure, patched, and supportable state once a management policy exclusion has been applied.
- Technical Implementation
- Not all exclusion requests may be technically possible from SCCM or Jamf Pro.
- Some software is not eligible for exclusions:
- Malware Protection: Cisco AMP
- Intrusion Prevention & Detection: Cisco AMP
- Centralized Logging: ELK
- Emergency Desktop Notifications: Alertus Desktop
- If the request is approved Systems will add the device to the available technical implementation for exclusions.
- ***NOTE:
- Auditing Exclusions
- After 365 days, the SLA timer expires and a linked request gets created for the DSS consultant to review
- The consultant needs to reach back out to the responsible party to confirm the exclusion is still needed for another year
- Document the response in the ticket and close it (the associated Systems agent should be included on the linked ticket and will get the notification. If not, @mention the associated Systems agent in the ticket).
- Systems agent then handles the refresh of the Exclusion ticket by restarting the approval process for another year
Insert risk/responsibility verbiage here.
Info | ||
---|---|---|
| ||
You, the responsible party, will be responsible for maintaining the device in a secure, patched, and supportable state once a management policy exclusion has been applied |
...
. |
Related Articles
Content by Label | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|
|
...