Automatic rules for moving devices between administration groups
We recommend restricting the use of automatic rules for moving devices between administration groups.
If you use automatic rules for moving devices, this may lead to propagation of policies that provide more privileges to the moved device than the device had before relocation.
Also, moving a client device to another administration group may lead to propagation of policy settings. These policy settings may be undesirable for distribution to guest and untrusted devices.
This recommendation does not apply for one-time initial allocation of devices to administration groups.
Security requirements for distribution points and connection gateways
Devices with Network Agent installed can act as a distribution point and perform the following functions:
Taking into account the available capabilities, we recommend protecting devices that act as distribution points from any type of unauthorized access (including physical).
Page top