Step-by-Step JumpCloud BYOD Policy Configuration

1️⃣ Enable Device Enrollment for BYOD Users

(For Windows, macOS, and Linux devices)

1. Go to JumpCloud Admin Console → Devices.
2. Click “Add Device” → Select “User Enrolled (BYOD)”.
3. Generate Enrollment Link and share it with users.
4. Users install the JumpCloud Agent for monitoring & compliance enforcement.

---

2️⃣ Enforce Security Policies for BYOD Devices

🔹 A. Full Disk Encryption (FDE) Policy

✅ Windows: Enable BitLocker
✅ Mac: Enable FileVault
✅ Linux: Enforce LUKS Encryption

How to Set in JumpCloud:

1. Go to “Policies” → Click “Add Policy”.
2. Search for BitLocker/FileVault/LUKS, and enable it.
3. Configure:
   • Mandatory Encryption
   • Require a TPM chip (Windows)
   • Auto-save recovery keys in JumpCloud Directory

---

🔹 B. Password & Authentication Policy

✅ Minimum 12-character passwords
✅ Require uppercase, lowercase, numbers, special characters
✅ Password rotation every 90 days
✅ Lockout after 5 failed attempts
✅ Enforce MFA for JumpCloud Login & SSO

How to Set in JumpCloud:

1. Go to “Policies” → Add “Password Complexity” policy.
2. Go to “Multi-Factor Authentication (MFA)” → Enable:
   • JumpCloud MFA for login
   • SSO MFA for apps like Google Workspace, M365

---

🔹 C. Screen Lock & Idle Timeout

✅ Auto-lock screen after 5-10 minutes of inactivity
✅ Require password for wake-up

How to Set in JumpCloud:

1. Go to “Policies” → Search “Screen Lock”.
2. Enable auto-lock after 5 minutes.
3. Enforce password requirement after screen lock.

---

🔹 D. Antivirus & Endpoint Protection

✅ Require Antivirus (Defender, CrowdStrike, SentinelOne, etc.)
✅ Block non-compliant devices from accessing resources

How to Set in JumpCloud:

1. Go to “Policies” → Add “Antivirus Compliance”.
2. Set “Device must have an antivirus installed and running”.
3. Monitor device security status in JumpCloud Device Insights.

---

🔹 E. OS & Software Updates Policy

✅ Windows Update: Force automatic updates
✅ macOS: Enforce security updates
✅ Linux: Require apt/yum updates every 14 days

How to Set in JumpCloud:

1. Go to “Policies” → Search “Windows Update” → Set to automatic.
2. For macOS/Linux: Enforce update compliance monitoring in JumpCloud Device Insights.

---

3️⃣ Configure SSO & Conditional Access

🔹 A. Setup JumpCloud SSO for Secure BYOD Access

1. Go to “SSO” → Add Google Workspace, Office 365, Slack, Zoom, etc.
2. Enforce MFA for all SSO logins.
3. Use Conditional Access Rules:
   • Block logins from untrusted devices.
   • Allow access only from JumpCloud-managed devices.

---

🔹 B. Device Trust & Conditional Access Policy

✅ Deny access if device lacks encryption, antivirus, or OS updates
✅ Restrict access based on location & IP

How to Set in JumpCloud:

1. Go to “Conditional Access” → Add a new rule.
2. Set:
   • “Only allow access from JumpCloud-managed devices”.
   • “Block access if device is non-compliant (no encryption, AV, updates)”.
   • “Restrict access to specific IP ranges (e.g., Office VPN)”.

---

4️⃣ Configure Network & VPN Security

✅ Require 802.1X authentication for Wi-Fi
✅ Allow VPN access only from JumpCloud-compliant devices

1. Go to “Policies” → Add Wi-Fi Security Policy.
2. Enforce 802.1X authentication using JumpCloud directory.
3. Restrict VPN access only to compliant devices using a JumpCloud RADIUS Server.

---

5️⃣ Monitor & Audit BYOD Compliance

✅ Track security status via JumpCloud Device Insights
✅ Generate audit logs for compliance reporting
✅ Alert admins for non-compliant devices

1. Go to “Device Insights” → View enrolled BYOD devices.
2. Enable compliance alerts for security issues (e.g., outdated OS, missing encryption).
3. Generate audit logs for compliance tracking (useful for ISO, SOC2, HIPAA).