How to configure SoM Policy?

This document provides a comprehensive guide to configuring Scope of Management (SoM) policy in Endpoint Central. It covers step-by-step instructions for enabling automatic detection and addition of new computers to the SoM, setting options for deleting inactive or removed computers, adjusting sync frequency, specifying sync targets within Active Directory, and configuring notification preferences.

1. Configure Detect and Add computers

Navigate to Agent > SoM Policy > AD Sync Settings. This opens the SoM Policy view.

  • Enable "Detect and Add New Computers":
    • Install Agent and Notify: Automatically installs the agent on new computers added to the Active Directory (AD) and sends email notifications.
    • Note: If the IP scope for remote offices is not set, the local office agent will be installed on these new computers. This can be modified later.

    • Notify Only: Adds the new computers to the Scope of Management without installing the agent. You can view them under Agent > SoM Policy > View Sync Information > Show > Added Computers.

  • Configure Notification Options: Click Configure to open a new window for adding variables to customize notifications.

2. Configure Delete Inactive Computers

Two methods are available for managing inactive or removed computers:

  • Active Directory-based Removal:
    • Delete and Notify: Automatically removes computers deleted from AD from the Scope of Management during the next sync, with a notification.
    • Notify Only: Sends a notification if computers are removed from AD without deleting them from the Scope of Management.
    • Take No Action: No action or notification when computers are removed from AD.

Make sure the AD Recycle Bin is enabled so that computers deleted in AD can be removed from the Scope of Management.

  • Inactive Computers:
    • Delete and Notify: Removes computers that have not contacted the Endpoint Central server within a specified period, based on the agent’s last contact time.
    • Notify Only: Notifies when a computer has been inactive for the specified period without deleting it.
  • Note: The 'Delete Inactive Computers' feature identifies and removes devices based on the last time their agent communicated with the server. This applies to all computers, whether they are part of an Active Directory (AD) domain or configured in a workgroup.

  • Configure Notification Options: Click Configure to add variables for customized notifications.
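The AD Recycle Bin prerequisite for Active Directory-based removal can be verified from a domain-joined admin workstation before choosing "Delete and Notify". The script below is an added example, not part of Endpoint Central or its documentation; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the 7-day look-back window is an arbitrary value chosen for illustration. It lists the computer objects recently deleted from AD, which can be compared with the computers named in the SoM notification.

```powershell
# Added example: check the AD Recycle Bin prerequisite and preview
# recently deleted computer objects. Read-only; changes nothing in AD.
Import-Module ActiveDirectory

# Assumption for illustration: how far back to look for deletions.
$lookBackDays = 7

# The optional feature is named "Recycle Bin Feature". It is enabled
# for the forest when its EnabledScopes property is not empty.
$feature = Get-ADOptionalFeature -Filter 'Name -eq "Recycle Bin Feature"'
if (-not $feature -or -not $feature.EnabledScopes) {
    Write-Warning 'AD Recycle Bin is not enabled in this forest.'
    return
}
Write-Output 'AD Recycle Bin is enabled.'

# Deleted objects are only returned when -IncludeDeletedObjects is set.
# whenChanged on a deleted object reflects the time of deletion.
$since = (Get-Date).AddDays(-$lookBackDays)
$deleted = Get-ADObject -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and objectClass -eq "computer"' `
        -Properties whenChanged, lastKnownParent, 'msDS-LastKnownRDN' |
    Where-Object { $_.whenChanged -ge $since }

if (-not $deleted) {
    Write-Output "No computer objects deleted in the last $lookBackDays days."
    return
}

# Show the original name and OU so each entry can be matched against
# the computers reported in the SoM notification e-mail.
$deleted |
    Sort-Object whenChanged -Descending |
    Select-Object @{ Name = 'Computer';  Expression = { $_.'msDS-LastKnownRDN' } },
                  @{ Name = 'DeletedOn'; Expression = { $_.whenChanged } },
                  @{ Name = 'FormerOU';  Expression = { $_.lastKnownParent } } |
    Format-Table -AutoSize
```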

3. Configure Sync Settings

  • Edit Sync Frequency: Click the edit symbol to set sync intervals: once every 6 hours, twice a day, or once daily.

4. Set Targets to be Synchronized

  • Navigate to Agent > SoM Policy > Add Targets.
  • Select synchronization targets by Domains, Organizational Units (OUs), or Groups within AD.
  • Note: Either a Domain or OUs/Groups can be added at a time, not both, because OUs are part of a Domain.

5. Configure Notification Settings

  • Set Email Notifications: Enter the email address to receive notifications about changes in the Scope of Management.