A template for an internal wiki page that outlines the procedure for ensuring laptops are securely configured (hardened) and registered in an MDM solution before they are deployed for use.
Customize this template for your company’s specific environment. For example, the company in the example below has a completely remote workforce, uses only Mac laptops, and has outlined the specific enrollment process for its chosen MDM solution.
Overview
Since [Company] embraces a fully remote working model, ensuring robust laptop management and protection for all employees is crucial. This guide tells [Company] team members what to expect from our laptop setup, which protective measures apply, and which key guidelines to follow.
The sections below detail the initial laptop setup process, security feature settings, and our software installation policy.
Initial Setup Process
- Laptop Delivery: [Company] will ship a laptop with the necessary operating system pre-installed. Once received, the user simply needs to set up their unique username and password to gain access.
- MDM Enrollment: An enrollment link for [MDM solution name] will be sent to the user's email. Clicking on this link will initiate the installation of the MDM Profile, which allows [Company] to manage and protect the laptop remotely.
- Additional Software: Any other essential software links will be sent to the user separately. Ensure these are installed to be fully operational and compliant with [Company]’s standards.
Setting Up Security Features
Firewall Protection: In most cases, firewall protection is turned off by default and users must activate it manually. On Macs, the firewall can be turned on in System Settings, under Network.
To learn more about how to enable the firewall and block unwanted connections, see this Apple support article: Block connections to your Mac with a firewall.
MDM Dashboard Monitoring: Our engineering team will constantly monitor the [MDM solution name] dashboard to ensure that each laptop is enrolled correctly under [Company]'s MDM software.
Software Installation Policy
Disallowed Software Installations: [Company] is committed to ensuring the safety and integrity of company data. Before installing any new software, check its risk rating on virustotal.com. If it's rated as high risk, avoid the installation and consult with your manager for alternative solutions.
Monitoring & Alerts: Our Mobile Device Management (MDM) solution, [MDM solution name], continually monitors all [Company] laptops. If a vulnerability or breach is identified, an alert is sent immediately to our on-call engineer. Employees must act on these alerts promptly and coordinate with the on-call engineer.