Skip to main content

Device group

Device groups allow you to manage multiple devices that share common characteristics. This collective approach simplifies the deployment of policies, updates, and configurations. When a device is enrolled, it must be assigned to a device group, at which point the device immediately inherits the policies associated with its device group.

Static groups

A static device group is a set of devices manually managed by administrators. Devices are individually added or removed from the device group, and each device can only belong to one static group at a time.

Table 1. Static group characteristic

Characteristic

Description

Manual assignment

Devices are assigned to static groups during enrollment or through administrative actions.

Exclusive membership

A device can only belong to one static group at a time.

Mandatory assignment

All devices must be part of a static group.


Device group states

A device group can exist in one of two states, depending on its current usage.

Table 2. Device group states

State

Description

Enabled

The default state when a device group is created. Devices can be added to the group and assigned policies are active.

Disabled

No new devices can be added to the group. Existing devices will continue to operate under the assigned policies.


Tip

Disabling a device group is useful for phasing out a group without impacting the devices already assigned to it.

Policies and device groups

Device groups use policies to define the rules and configurations that govern device behavior, security, and updates. Policies are assigned to device groups to ensure uniform management across all devices within the group.

Table 3. Device group policy types

Policy type

Description

Certificate policy

Manage authentication by issuing and renewing certificates, ensuring secure communication between devices.

Deployment policy

Control the distribution and installation of firmware updates, applications, and configuration changes.

Security policy

Enforce security measures such as access controls, encryption standards, and compliance with organizational policies.


Disruptive policies

Disruptive policies are those that alter the operational state of a device, such as firmware updates or configuration changes that require a reboot. These policies can only be applied to static device groups to ensure that changes do not conflict with other policies or actions. Examples of disruptive policies include:

  • Firmware updates that may restart a device.

  • Security patches that modify core configurations.