It prevents users from accessing corporate data from unknown, public, or unauthorized devices. This ensures that business data is not transferred to or from a personal or public device and is not virus-infected by one.

  • The policy is set up using the device's unique MAC ID
  • Does not allow access to business data from personal machines unless specified by the IT admin
  • A policy violation report is sent to the admin daily
  • Self-service rollout
  • Supports Linux, Mac, Windows, and Chromebook

To create a new policy, navigate to Home -- Policies -- Access Control -- Web and click the Add option to open the policy page shown below.


Title: Name your policy to identify it later when you want to make changes quickly. 

Description: A short description to help understand the policy if more than one admin is managing the account.

Enabled: If you want to disable the policy for some time and re-enable it later, check or uncheck the “Enabled” option as shown above.

Valid Always: The Valid Always button sets the validity of the policy. Toggle it to choose between a policy that applies for a stipulated time and a policy that is always applied.

Valid From and Valid To: If Valid Always is off, you have to provide the date range for which the policy is applied. This way the admin need not turn off the policy manually.

Risk: Select the risk factor according to your norms.

Category: Select the category as Default or App. With the Default option, the policy works as it is; with the App option, the specific application is bypassed.

In the Device Restriction option, you can whitelist an IP or a MAC address, and the device policy is bypassed for the whitelisted IP or MAC address.

Under Device Restriction, there are two options to implement it:

1. Agent Based Device Restriction 

2. Certificate Based Device Restriction

In agent-based restriction, the admin needs to deploy the CCS Agent on the user's system; in certificate-based restriction, the admin needs to run the certificate on the user's system.

You can implement this policy on specific users, OUs, or the entire domain (all users).