7.4 Endpoint Security Management

ZENworks Endpoint Security Management lets you protect devices by enforcing security settings via policies. You can control a device's access to removable storage devices, wireless networks, and applications. In addition, you can secure data through encryption and secure network communication via firewall enforcement (ports, protocols, and access control lists). And you can change an endpoint device's security based on its location.

The following tasks must be done in the order listed.

Task		Details
Activate Endpoint Security Management		If you did not activate Endpoint Security Management during installation of the Management Zone, either by providing a license key or by turning on the evaluation, you must do so before you can use the product. For instructions, see Activating Endpoint Security Management.
Enable the Endpoint Security Agent		The Endpoint Security Agent enforces security policies on devices. It must be installed and enabled on each device to which you want to distribute security policies. For instructions, see Enabling the Endpoint Security Agent.
Create locations		Security policies can be global or specific to locations. A global policy is applied in all locations. A location-based policy is applied only when the Endpoint Security Agent determines that the device’s network environment matches the environment defined for the location. If you want to use location-based policies, you must create locations. For instructions, see Creating Locations.
Create security policies		A devices security settings are configured through security policies. There are 11 types of security policies you can create. For instructions, see Creating a Security Policy.
Assign policies to users and devices		Security policies can be assigned to users or to devices. For instructions, see Assigning a Policy to Users and Devices.
Assign policies to zones		To ensure that a device is always protected, you can define default security policies for each policy type by assigning policies to the zone. A zone-assigned policy is applied when a device is not covered by a user-assigned or device-assigned policy. For instructions, see Assigning a Policy to the Zone.