Some policies you create provide a list of options for you to specify, enable, or disable. For example, when you create a policy for Window devices to control when the screen saver locks down an inactive device, you need to also configure the timeout in seconds.
Specific policies have nuances that are important to note as you apply them to your fleet. For example, after applying a Windows policy, it may take 5-10 minutes for the policy update process to run. We recommend that you reference the article for a specific policy if you have concerns.
Below is a list of all Windows policies in JumpCloud. Specific instructions for more nuanced policies are linked in the Learn More column. If a Learn More article isn't listed, you can use the basic steps in Get Started: Policies for help.
Windows Policies
Policy Name | Description | Category | Learn More |
---|---|---|---|
Advanced: Custom Registry Keys | Manage the specific registry keys you need all in one place, and easily see which devices have the registry changes applied. | Enterprise Settings, Configuration | Create Your Own Windows Policy Using Registry Keys |
Allow System To Be Shutdown Without Having To Logon | Ensure the device is able to be shut down from the log on screen. | Enterprise Settings | |
Allow The Use of Biometrics | Allow or restrict users from logging in to a managed device using biometrics. Note: JumpCloud doesn’t allow the use of Multi-Factor Authentication (MFA) and biometrics simultaneously. | Security, Compliance | Manage Windows Biometrics Using a Policy |
Allow Use Of Camera | Control access to the camera on the device. | Enterprise Settings, Security | |
BitLocker Full Disk Encryption | Enable and enforce BitLocker Full Disk Encryption for JumpCloud-managed devices. The BitLocker policy also lets admins easily view Recovery Keys for Windows devices that have this policy applied. | Enterprise Settings, Security | BitLocker Policy |
Block Microsoft Accounts | Manage the ability to add or log in with Microsoft Accounts. | Enterprise Settings, Compliance | |
Bluetooth Policy | Configure Bluetooth restrictions for Windows devices. | Enterprise Settings, Security, MDM | Bluetooth Policy |
Built-in Administrator Account Status | Disable or enable the built-in administrator account. | Enterprise Settings, Compliance | |
Built-in Guest Account Status | Disable or enable the built-in guest account. | Enterprise Settings, Compliance | |
Configure Explorer | Configure the behavior of Explorer in Windows. | Enterprise Settings, Configuration | |
Configure Help | Configure the behavior of Help in Windows. | Enterprise Settings, Configuration | |
Configure QoS | Configure the behavior of QoS in Windows. | Enterprise Settings, Configuration | |
Configure Windows Updates | Control when and how updates and upgrades are downloaded and installed. | Enterprise Settings, OS Management | Deploy Windows Updates to your Devices with Windows Update Policy |
Control Conflict Policy | Ensure that the MDM policies take precedence over group policies when the policies are configured on MDM channel. This policy is enabled by default and not displayed on the admin console. | Enterprise Settings, Security, Network, MDM | |
Control Panel Display | Set computer and user configurations to force a specific visual style on a Windows system. | Enterprise Settings, Configuration | Control Display Styles on a Windows System Using a Policy |
Device Installation | Control the behavior of Device Installation in Windows. | Enterprise Settings, Security | |
Disable Cortana | Control the behavior of Device Installation in Windows. | Enterprise Settings, Configuration | |
Disable Windows Spotlight Features | Disable the device's ability to utilize Windows Spotlight. | Enterprise Settings, Security | |
Disable Windows Store Application | Disable the device’s ability to launch the Windows Store application. | Enterprise Settings, Configuration | |
Disable Windows Store & Universal Windows Platform Applications | Disable the device’s ability to launch Windows Store and all Universal Windows Platform Applications on the system. | Enterprise Settings, Configuration | |
Display Configuration | Control the behavior of Displays in Windows. | Enterprise Settings, Configuration | |
Display User Info When The Session Is Locked | Control visibility of logged-in user's information when the device is locked. | Enterprise Settings, Security | |
DNS Client | Control the behavior of the DNS Client in Windows. | Enterprise Settings, Network | |
Do Not Display Last Username on Logon Screen | Require a username and password before logging into a device. | Enterprise Settings, Security | |
Do Not Require CTRL+ALT+DEL on logon screen | Require CTRL+ALT+DEL before logging into a system. | Enterprise Settings, Compliance | |
Error Reporting | Control the behavior of Error Reporting in Windows. | Enterprise Settings, Compliance | |
Event Logging | Control the behavior of Event Logging in Windows. | Enterprise Settings, Compliance | |
FeedbackNotifications | Control the behavior of FeedbackNotifications in Windows. | Enterprise Settings, Configuration | |
File Recovery | Control the behavior of File Recovery in Windows. | Enterprise Settings, Compliance | |
FindMyDevice | Control the behavior of FindMyDevice in Windows. | Enterprise Settings, Security | |
Globalization | Control the behavior of Globalization in Windows. | Enterprise Settings, Configuration | |
Google Chrome Browser Preferences | Disable the use of some security-related features of Chrome, such as the use of password manager, data security and privacy, and browsing experience, while making sure that users have access to the sites they need to improve productivity and efficiency. | Enterprise Settings, Configuration | Manage Chrome Browser Preferences Using a Policy |
Install Certificate Policy | Configure the install certificate for Windows devices enrolled in JumpCloud MDM | Enterprise Settings, Network, Security, MDM | Install Certificate Policy |
JumpCloud App Controls | Control the behavior of the JumpCloud App on JumpCloud-managed Windows systems. | Remote Management, Configuration | |
Lock Screen | Unattended devices that are still active with a user logged in create opportunities for unauthorized access to information and misuse of accounts. Lock inactive devices using JumpCloud's policy framework. | Security, Compliance | Creating a Lock Screen Policy for Windows Devices |
Logon | Control the behavior of Logon in Windows. | Security, Compliance | |
Message Text For Users Attempting To Log On | Specify a text message and title caption that is displayed to users when they log on. | Enterprise Settings, Configuration | |
MicrosoftAccount | Control the behavior of MicrosoftAccount in Windows. | Enterprise Settings, Configuration | |
Microsoft Edge | Control the behavior of Microsoft Edge on Windows 10. Note: This does not support the Microsoft Edge Chromium browser. | Enterprise Settings, Configuration | |
Mobilepcmobilitycenter | Control the behavior of Mobilepcmobilitycenter in Windows. | Enterprise Settings, Configuration | |
Mozilla Firefox Browser Preferences | Govern the use of Firefox, such as passwords, site and form history, data security by blocking autocomplete features, and the downloading experience. | Enterprise Settings, Configuration | Manage Firefox Browser Preferences Using a Policy |
Msi | Control the behavior of MSI in Windows. | Enterprise Settings, Configuration | |
Onedrive | Control the behavior of OneDrive in Windows. | Enterprise Settings, Configuration | |
Performance Diagnostics | Control the behavior of Performance Diagnostics in Windows. | Enterprise Settings, Configuration | |
Power Management | Control the behavior of Power in Windows. | Enterprise Settings, Configuration | |
Remote Assistance | Control the behavior of Remote Assistance in Windows. | Remote Management, Configuration | |
Remote Management | Control the behavior of Remote Management in Windows. | Remote Management, Configuration | |
Remote Shell | Control the behavior of Remote Shell in Windows. | Remote Management, Configuration | |
Removeable Storage | Control the behavior of Removable Storage in Windows. Deny all or specify which types of removable storage to deny. | Enterprise Settings, Security | Manage Removable Storage on Windows Devices |
Rename Local Administrator Account | Rename the inbuilt Local Administrator account. | Enterprise Settings, Configuration | |
Rename Local Guest Account | Rename the inbuilt Local Guest account. | Enterprise Settings, Configuration | |
Restrict Control Panel Access | Restrict access to the panes of the Control Panel. | Enterprise Settings, Configuration | |
Restrict Settings App Visibility | Restrict access to the pages of the UWP Settings Application. | Enterprise Settings, Configuration | |
SCEP Profiles Policy | Configure Simple Certificate Enrollment Protocol (SCEP) for your JumpCloud MDM enrolled Windows devices. | Enterprise Setting, Security, MDM | SCEP Profiles Policy |
Sharing | Control the behavior of Sharing in Windows. | Enterprise Settings, Configuration | |
Software Restrictions | Specify locations where applications can run or can’t run. | Enterprise Settings, Software Management | Restrict Software on Windows Devices Using a Policy |
Start Menu | Control the behavior and preference settings for the Start Menu on Windows. | Enterprise Settings, Configuration | |
Systemrestore | Control the behavior of Systemrestore in Windows. | Enterprise Settings, Configuration | |
Turn Off Autoplay. | Disable the autoplay feature on all drives. | Enterprise Settings, Configuration | |
VPN Policy | Configure a VPN profile policy for Windows devices to securely and remotely access the organization’s network. | Enterprise Settings, Network, Security, MDM | VPN Policy |
WiFi Configuration Policy | Configure a wireless network for Windows devices. | Enterprise Settings, Network, Security, MDM | WiFi Configuration Policy |
Windows Defender | Control the behavior of Windows Defender in Windows. | Enterprise Settings, OS Management | |
Windows Firewall | Control the behavior of Windows Firewall in Windows. | Enterprise Settings, OS Management | Create a Windows Firewall Policy |
Winmaps | Control the behavior of Winmaps in Windows. | Enterprise Settings, Configuration |
Windows 10 Enterprise N Edition Considerations
The "N" editions of Windows 10 include the same functionality as other editions of Windows 10, except for media-related technologies. The N editions don't include Windows Media Player, Skype, or certain preinstalled media apps (Music, Video, Voice Recorder). New features such as Cortana, Windows Hello, and PDF viewing in the new Edge browser rely on Windows Media files that aren't included in N editions. Certain websites and software, such as Windows Store apps or Microsoft Office, use Windows Media-related files that aren't included in N editions. The following is a list of JumpCloud policies that are not supported (or, where noted, partially supported with degraded experience) on Windows 10 Enterprise N.
- Allow Use of Biometrics
- Allow Use of Camera
- Configure Explorer – Windows update configuration is affected by missing media dependencies
- Configure Windows Updates – Windows Store apps with media dependencies are affected
- Disable Cortana
- Display User Info When Session is Locked – Lock screen appearance differs due to missing media dependencies
- Do Not Display Last Username on Logon Screen – Lock screen appearance differs due to missing media dependencies
- Do Not Require CTRL+ALT+DEL on Logon Screen – Lock screen appearance differs due to missing media dependencies
- FeedbackNotifications
- Message Text for Users Attempting to Log On – May be affected by missing media dependencies
- Microsoft Edge – May be affected by missing media dependencies
- OneDrive
- Removable Storage
- Software Restrictions
- Windows Defender – May have limited functionality
- Winmaps – May be affected by missing media dependencies