
How to Create a Geofencing Policy to Lock Devices Outside the Office

Overview

Geofencing is a powerful security feature that allows IT administrators to create virtual geographic boundaries. By implementing a geofencing policy, you can ensure that corporate-owned devices remain functional only within a designated area (like your office). In Hexnode UEM, automatically locking a device when it crosses the perimeter requires a three-part approach: defining the Geofence, marking boundary exits as a Compliance violation, and triggering an Automation rule. This is an essential strategy for preventing data breaches due to hardware theft or unauthorized off-site usage.

Prerequisites

To implement geofencing effectively, ensure the following:

  • Location Services: Must be enabled on the target devices.
  • Hexnode App Permissions: The Hexnode UEM app must have “Always” location access (iOS) or “Allow all the time” (Android).
  • Supported Platforms: iOS, Android, Windows, and macOS devices.

Step 1: Create a Geofence (The Virtual Boundary)

Before creating a policy, you must define the physical coordinates of your office.

  1. Log in to your Hexnode UEM Portal.
  2. Navigate to Admin > Geofencing.
  3. Click Create Fence.
  4. Set the Location: Type your office address in the search bar.
  5. Choose a Shape: Select either Polygon (to trace an exact building outline) or Circle.
  6. Define the Radius: If using a circle, set a radius (in meters) around the location. Hexnode supports a radius between 100 and 6500 meters. For a standard office, a radius of 100–200 meters is recommended to account for GPS drift.
  7. Provide a Name: Enter a name in the Fence Name field (e.g., “Main Office HQ”).
  8. Click Save.

Step 2: Assign the Geofence to Devices

You must apply the geofence to your devices so Hexnode begins tracking their location relative to the boundary.

  1. Navigate to the Policies tab.
  2. Click New Policy and provide a name (e.g., “Office Perimeter Policy”).
  3. Go to Tracking and Fencing > Geofencing.
  4. Click + Add Fence and select the “Main Office HQ” fence you created in Step 1.
  5. Click OK.
  6. Go to the Policy Targets tab, select the Devices, Users, or Device Groups that should be monitored, and click Save.

Step 3: Define the Rules of Engagement (Compliance)

Geofencing alone just tells the system where the device is. You must instruct Hexnode that leaving the fence is a critical security violation.

  1. Go to Policies > Compliance Policies > New Policy.
  2. Select your target platforms.
  3. Under Basic Settings, check the box for Device moves out of geofence.
  4. Navigate to Policy Targets, apply this to the same devices/groups from Step 2, and click Save.

Note: The moment a device leaves the area, it will now be marked as “Non-Compliant” in the Hexnode portal.

Step 4: Automate the Device Lock

Now, you configure Hexnode to automatically lock the device the moment it becomes non-compliant due to location.

  1. Navigate to the Automate tab and click New Automation.
  2. Name the automation (e.g., “Defensive Lock: Office Exit”).
  3. The Trigger: Set the automation to trigger based on Activity and specifically select On Location Non-Compliance.
  4. The Action: Scroll to the Security actions section and choose your response:
    1. Lock Device (Standard): Sends the device to the standard lock screen, securing it behind the user’s existing passcode or biometric.
    2. Enable Lost Mode (Strict): Completely freezes the user out of the hardware, overrides their normal PIN, and can display a custom security warning on the screen.
  5. Target this automation at your high-security device groups and activate it.

How to Regain Access

If a device is locked because it left the geofence, how you regain access depends on the strictness of the action you chose in Step 4:

  • Standard Device Lock: The screen simply turns black and locks. The employee can unlock the device locally by entering their standard PIN, passcode, or using biometrics.
  • Lost Mode: The device is effectively a brick. An administrator must log in to the Hexnode portal, go to Manage > Devices, select the locked device, and trigger the Disable Lost Mode remote action.

Best Practices for Geofencing

  • Test the Radius: Start with a slightly larger radius to avoid “false positives” where the device locks while the user is simply near a window or in the parking lot.
  • Battery Impact: Frequent location reporting can impact battery life. Balance the Location Update Interval against your security needs; it is set under Policies > New Policy > Create a fully custom policy > [Platform] > Tracking and Fencing > Location Tracking (Hexnode allows intervals ranging from 15 minutes to 24 hours).
  • Notify Employees: Transparency is key. Inform users that their devices are geofenced to avoid confusion and support tickets when devices lock unexpectedly.
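
Added example (not Hexnode code, and not how Hexnode evaluates fences internally): a small script for the radius advice in Step 1 and in “Test the Radius”. It replays location fixes logged from devices that stayed inside the office against candidate circle radii and counts how many would have been treated as exits. The coordinates, offsets, margin, and function names are constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0
MIN_RADIUS_M, MAX_RADIUS_M = 100, 6500   # circle radius range stated on this page

def haversine_m(a, b):
    """Great-circle distance in meters between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def offset(center, north_m, east_m):
    """Shift a point by meters north/east (small-distance approximation)."""
    lat, lon = center
    dlat = math.degrees(north_m / EARTH_RADIUS_M)
    dlon = math.degrees(east_m / (EARTH_RADIUS_M * math.cos(math.radians(lat))))
    return (lat + dlat, lon + dlon)

def false_exits(center, fixes, radius_m):
    """Count on-site fixes that a circular fence of radius_m would place outside."""
    if not MIN_RADIUS_M <= radius_m <= MAX_RADIUS_M:
        raise ValueError("radius outside the 100-6500 m range")
    return sum(1 for fix in fixes if haversine_m(center, fix) > radius_m)

def smallest_safe_radius(center, fixes, margin_m=25, step_m=25):
    """Smallest in-range radius (multiple of step_m) holding every fix plus a margin."""
    worst = max(haversine_m(center, fix) for fix in fixes)
    radius = max(MIN_RADIUS_M, math.ceil((worst + margin_m) / step_m) * step_m)
    if radius > MAX_RADIUS_M:
        raise ValueError("observed drift exceeds the maximum circle radius")
    return radius

# Constructed sample: fence center and six drifted fixes, all logged from devices
# that never left the building (offsets in meters north/east of the center).
OFFICE = (48.0000, 11.0000)
ON_SITE_FIXES = [offset(OFFICE, n, e) for n, e in
                 [(12, -8), (45, 30), (-70, 55), (90, 75), (-110, -95), (20, 130)]]

if __name__ == "__main__":
    for r in (100, 125, 150, 200):
        print(f"radius {r:>3} m -> {false_exits(OFFICE, ON_SITE_FIXES, r)} false exits")
    print("suggested radius:", smallest_safe_radius(OFFICE, ON_SITE_FIXES), "m")
```

With this sample, a 100 m fence would have flagged half of the on-site fixes, which is the false-positive pattern the radius test is meant to catch before the automation in Step 4 is activated.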