
How to schedule deployment on devices enrolled in Hexnode

The Deployments feature in Hexnode UEM provides a streamlined solution for automating the deployment of files, certificates, custom scripts, device restrictions, and updates to managed devices. This feature stands out with its scheduling capability, allowing deployment actions to be initiated at designated times or triggered at device enrollment.

Although “deployments” might seem similar to “policies” in terms of functionality, the two differ in flexibility.

The Deploy tab is designed for automating the scheduling and execution of various operations on devices, while the Policy tab enables administrators to create and manage individual policy settings that can be applied to devices.

This guide walks you through the steps to create, schedule, and manage deployments within Hexnode UEM. Follow these instructions to efficiently automate and customize your device management processes.

Steps to create a deployment

Follow the steps below to create a deployment that instantly deploys policies to a group of devices.

  1. Navigate to Deploy > New Deployment.

    Option to create a new deployment

  2. Choose the platform for which you want to create the deployment.

    Choose the platform for the deployments

    Basics

    Provide the following information after selecting the platform.

    1. Name: Enter a name for the deployment.
    2. Description: Provide a brief description to clarify the deployment’s intent or scope (optional).

      Options to fill in the basic deployment details

  3. Click Next.

    Actions

    Before proceeding with the deployment process, let’s understand what “Actions” in the Deployment correspond to:

    “Actions” in Deploy vs. “Remote actions”
    • Remote actions: Available in the Manage tab, remote actions are commands that perform a pre-defined operation instantaneously on devices. For example, device wipe, scan location, etc. They are one-time actions that you are required to initiate every time you need to get something done with the enrolled device.
    • Actions in the deployment feature: Actions in the deployment feature define the operations to be performed as part of this deployment. For instance, choosing specific policies to be associated with/removed from devices, users, or groups. The configured “Settings and Schedule” will act on these operations defined here.

    Under the Actions section, you have the following deployment options:

    Policy

    Currently, there are two options to deploy under the Policy section. You can either Associate Policy (to apply a policy to the devices) or Remove Policy (to remove a policy from the devices). Only one policy can be selected at a time for either option, but additional policies can be added by selecting Add New Action.

    Window displaying the selected policies with an option to add a new action for deployments

    Scripts

    The Scripts section allows you to deploy custom scripts on macOS and Windows devices. To schedule a script, select the Execute Custom Script option and choose the desired script from the Hexnode content repository. If required, you can use the Arguments field to specify script inputs. This field also supports wildcards. Once you’ve configured the script, click Add to finalize the action.

    Option to deploy custom scripts

    Notes:
    • For macOS, script deployment is supported on devices running macOS 10.11 or later and requires the Hexnode Agent app version 1.2 or above.
    • For Windows, it is supported on Windows 10 and 11 (Pro, Enterprise, and Education editions) with Hexnode Agent version 4.2.2 or later installed.
    • It is recommended to validate the script execution manually on a system before executing in bulk.

    Scans

    The Scans section provides the following actions:

    1. Scan Device: This action retrieves basic details of the enrolled devices, such as battery percentage, installed apps, and device information. These details are then updated in the Hexnode UEM console.
    2. Sync Local Accounts: This action synchronizes user accounts with the Hexnode UEM console to retrieve detailed information about each account.
    3. Scan Device Location: This action fetches the real-time location of the device. It can only be performed if a location tracking policy is applied to the device.

      Option to configure Scans action

      Notes:
      • Scan Device is available across all platforms.
      • Sync Local Accounts is available only for Windows and macOS devices.
      • Scan Device Location is available for all platforms, except Apple TV.
      • The Sync Local Accounts action requires the latest version of the Hexnode UEM app to be installed on the device.

    Alerts

    In the Alerts section, you can send custom messages to end-user devices, with the option to include wildcards that display device or user details within the message. The Alerts action is not available for Apple TV.

    Option to configure Alerts action

    Device Controls

    This section includes basic device control actions such as:

    1. Power Off: Allows the admin to remotely shut down devices.
    2. Restart Device: Allows the admin to remotely restart devices.
    3. Lock Device: Lets the admin lock devices so only those with the device password can unlock them.
    4. Enable Lost Mode: Locks down the device and tracks its location, ensuring it can’t be used if lost or stolen, and aids in quicker recovery.
    5. Disable Lost Mode: Once the device is retrieved, the admin can disable Lost Mode and return the device to normal functionality.
    Notes:
      • All five device control actions are available for Android, iOS, and Windows platforms.
      • macOS supports only Power Off, Restart Device, and Lock Device actions.
      • Apple TV supports only the Restart Device action.

    User Controls

    This section enables the creation of both admin and standard accounts remotely from the Hexnode UEM console using the deploy feature.

    Note: The User Controls action is supported on Windows and macOS platforms. For more details, refer to the help documents on Windows user account creation and macOS user account creation.

    Patches & Updates (only for Windows devices)

    For Windows devices, after setting the deployment name and description, you’ll find an additional option called Patches & Updates, located alongside the Bulk actions option that includes the actions mentioned above.

    Option to configure patches and updates deployment

    The Patches & Updates section enables you to deploy a variety of OS and app updates to your Windows devices. Configuring patches and updates involves three steps:

    Steps to configure patches and updates deployment

    1. Choose update categories to target: You can select the type of updates to target, either Windows or Apps.

      When selecting Windows, you can specify the type of update to deploy, such as:

      1. Quality Updates: These updates include both security and non-security fixes, such as security patches, critical updates, servicing stack updates, and certain driver updates.
      2. Feature Updates: These updates introduce new features and functionality to Windows.
      3. Driver Updates: These updates cover updates for non-Microsoft drivers that are important for your devices’ proper functioning.
      4. Other Updates: These updates include non-critical or non-security-related updates that still contribute to maintaining and enhancing your system.
      Options under Windows OS update deployment

      Selecting Apps lets you define the type of app to be updated, including:

      1. Store Apps: Updates for applications installed through the Microsoft Store.
      2. Enterprise Apps: Updates for custom apps developed for internal use within your organization, deployed and managed across devices using Hexnode.
      Options under app update deployment

    2. Select updates to deploy: This section displays the available updates for Windows and Apps. You can select multiple updates at once to deploy to the devices. For Windows updates, you can search by update name, GUID, or KB number. For app updates, you can search by update name, app identifier, or publisher. Additionally, you can manage how updates are applied by choosing one of the following deployment actions:
      1. Download: Downloads the selected updates for installation at a later time. (applicable only to App updates)
      2. Install: Installs the selected updates immediately on the target devices.
      Select from available updates to deploy

    3. Configure Sequence, Success Criteria, Reboots: You can configure the order of update downloads/installation, set device reboot behavior after the update installation, and define the success criteria for the update deployment. Success criteria are only supported on devices with the latest version of the Hexnode agent app installed.
      1. Update Sequence: Arrange the updates in the preferred deployment order.
      2. Reboot After Installation: Choose from the following options:
        1. Reboot once after all installations are complete: The device reboots only after all updates have been installed.
        2. Reboot once after every successful installation: The device reboots after each individual update installation.
        3. Reboot once after specific update installation: The device reboots after completing the installation of selected updates. You can choose multiple updates for this option.

        Option to configure sequence, reboot and success criteria

      3. Configure Success Criteria: This feature allows administrators to define specific conditions for determining whether an update was successfully deployed.

        The success criteria for Windows updates include:

        1. OS Version: Define the success of the deployment by selecting the Windows product (Windows 10 or Windows 11) and entering the desired OS version.

          Configure OS version success criteria

        2. OS Build Number: Define the success of the deployment by specifying the OS build number for the update.

          Configure OS build number success criteria

        3. Script Output: A script is executed on the target device, and its output is used to verify if the update was successfully deployed.
          1. Select Script: Choose a pre-defined script from your script repository.
          2. Enter Value: Specify the expected output of the script execution (e.g., OK, TRUE, or the update version number).
          3. Enter Arguments: Arguments are optional parameters that customize a script’s behavior without modifying its code. Arguments make scripts more flexible by allowing different inputs for different scenarios.

            Configure script output success criteria for OS deployment

        The success criteria for App updates include:

        1. Script Output: Similar to the success criteria for Windows updates, a script is executed on the target device, and its output is used to verify the update’s success. This option also includes the same additional attributes for configuring success criteria, as seen in the Windows ‘Script Output’ section.

          Configure script output success criteria for app deployment

        2. App Identifier: Provide the App Identifier for the application. This identifier, which can be a GUID or product code from the Windows Installer, or an app publisher’s name (e.g., {56DDDFB8-7F79-4480-89D5-25E1F52AB28F} or HexnodeUEM), is used to determine whether the app is installed on the target device.

          Configure app identifier success criteria for deployment

        3. File Path: Verify the app’s installation by checking the presence of a specific file on the target device. Specify the file path (e.g., C:\Program Files\AppName\FileName.exe). This could be the path of any file that is created upon the successful installation of the app on the device.

          Configure file path success criteria for deployment

        4. Registry Path: Define the path of a registry key to be checked on the target device. This can be any registry key that is created when the app is successfully installed on the device. For example: HKEY_LOCAL_MACHINE\SOFTWARE\MyCompany\MyApplication.

          Configure registry path success criteria for deployment

  4. Once the actions are selected, click Next.

    Settings and Schedule

    Configure the deployment scheduling and related settings here. You can trigger the action based on two criteria:

    Time:
    You can define the exact time when the action will be executed on the device.

    1. Initiate: You can configure the action initiation frequency. Choose between two options: Once or Repeat on a set schedule.
    2. Scheduled Date: Set the action initiation date in MM/DD/YYYY format (for the Once option).

      The action is triggered based on time and is set to initiate only once

    3. Scheduled Day: Specify the day for action initiation (for the Repeat on a set schedule option). Three sub-options are available:
      1. Everyday: The action will trigger daily.
      2. Selected days: Select specific days of the week for the action to trigger.
      3. Monthly: Specify the day of the month for action initiation, such as the 10th of every month.

      The action is triggered and repeated according to a set schedule

    4. Scheduled Time: Set the time at which the action should take place on the devices, in HH/MM format. You can also select the time zone.

    Activity: Define the device activity that will trigger the action on the device. You can select from the following four activity types:

    1. On Device Enrollment: Triggers the action when the device is enrolled. The deployment action will be applied only to newly enrolled devices after their initial device scan.
    2. On SIM Insertion: Triggers the action upon the insertion of a SIM card on the device.
    3. On SIM Removal: Triggers the action when a SIM card is removed from the device.
    4. On SIM Switch: Triggers the action when a SIM card is replaced with a different one.

    The action is triggered upon device activity

  5. Once you have configured the Settings and Schedule, click Next. On the following page, you can define the target filters.

    Target Filters

    Configure target filters in this section. You can specify options for Included groups, Excluded groups, and create custom filters by selecting the Filters option.

    1. Included groups: Select device or user groups to which the action will apply. Click Add Groups to view and choose from the available device and user groups in your Hexnode UEM portal.
    2. Excluded groups: Choose device or user groups to be excluded from the action deployment. Click Add Groups to display the available groups for exclusion.

      List of device groups and user groups for including and excluding deployments

    3. Filters: Create custom filters based on the following categories:
      1. Device: This category encompasses various attributes specific to the device being managed.
      2. User: This category includes attributes related to the users who are using the devices.
      3. Network: This category relates to network attributes associated with the devices.
      4. Device Status: This category provides attributes associated with the compliance and operational status of the devices.

    To configure filters, set the following fields:

    1. Select Column: Choose the category used for filtering. Once selected, the relevant sub-categories will be displayed under this dropdown.
    2. Select Comparator: Define the comparison method.
    3. Select value: Set the specific value for filtering.

    Below is a list of available filter categories and their corresponding sub-categories:

    Main category, followed by its sub-categories:
    Device
    • Apple DEP
    • Asset tag
    • Available internal storage
    • Battery level
    • BitLocker Policy Compliance
    • Department
    • Device ID
    • Device model
    • Device notes
    • Device type
    • Encryption Status
    • Enrolled time
    • Enterprise Management Type
    • Installed RAM
    • Last checked-in time
    • Manufacturer
    • MEID
    • OS name
    • OS version
    • Ownership
    • Platform
    • Processor name
    • Serial number
    • Supervision
    • Total internal storage
    • TPM version
    • UDID
    • Used internal storage
    User
    • Alternate email
    • Department (AD)
    • Domain name
    • Email
    • Office location (AD)
    • sAMAccountName
    • Title (AD)
    • User type
    • Username
    Network
    • Bluetooth MAC address
    • Current carrier network SIM 1
    • Current carrier network SIM 2
    • Current MCC
    • Current MNC
    • Ethernet IP Address
    • Ethernet MAC address
    • Home carrier
    • Home country
    • ICCID SIM 1
    • ICCID SIM 2
    • IMEI SIM 1
    • IMEI SIM 2
    • IMSI
    • International data roaming
    • Last connection date
    • Personal Hotspot
    • Phone number SIM 1
    • Phone number SIM 2
    • Roaming enabled
    • SIM carrier network
    • Subscriber carrier network (iOS)
    • Subscriber MCC
    • Subscriber MNC
    • Wi-Fi IP Address
    • Wi-Fi MAC address
    • Wi-Fi SSID
    Device Status
    • Activity status
    • Application compliance status
    • Compliance status
    • Enrollment status
    • Geofence compliance status
    • Jailbroken
    • Kiosk mode
    • Lost mode
    • MDM profile
    • Password compliance status
    • Rooted
    1. After selecting the desired sub-category, a comparator must be chosen.

      Note: The available comparators vary depending on the selected sub-category.

      For example, if Apple DEP is chosen as the sub-category, the available comparators are Is and Is not.

      Option to select comparator for deployments

    2. After selecting the comparator, the value for comparison must be chosen or entered.

      In the case of the Apple DEP sub-category, the available options are Disabled and Enabled.

      Option to set the filter value

    Notes:
      1. You can add nested filters using the ‘+’ icon along with the AND operator. To remove a filter, simply click the trash icon next to the ‘+’ icon.

        Option to configure nested filters for deployments

      2. When dealing with multiple filters, there are two available operator options: “AND” and “OR.”

        Option to apply multiple filters for deployments

      3. Choosing AND means that devices must meet the criteria set by all the filters. On the other hand, selecting OR allows the action to apply to devices that meet at least one of the criteria from the filters.

  6. After setting the filters, click Next.

    Review

    The next page leads to the Review section, where the configured deployment settings can be viewed. If any adjustments are needed, click the Edit option to access the corresponding section and make changes as necessary.

    Review page displaying options to modify and save the deployment

  7. Once you have reviewed the deployment, click Save.
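
A verification script for the Script Output success criterion described under Patches & Updates, written as an added example (it is not Hexnode's own code). It assumes that the text in the Enter Arguments field reaches the script as ordinary named parameters and that the console compares the script's standard output with the Enter Value field; the script name, the parameter names and the sample build number are hypothetical.

```powershell
# Verify-Update.ps1 (hypothetical name): prints OK only when every requested
# check passes, so "OK" can be used as the expected value.
# Assumption: arguments arrive as normal PowerShell parameters, for example
#   -MinBuild '22631.3447' -FilePath 'C:\Program Files\AppName\FileName.exe'
param(
    [string]$MinBuild     = '',  # minimum OS build as Build.Revision (sample value above)
    [string]$FilePath     = '',  # file that exists only after a successful install
    [string]$RegistryPath = ''   # full key path, e.g. HKEY_LOCAL_MACHINE\SOFTWARE\MyCompany\MyApplication
)

# Turn non-terminating errors (access denied, bad path) into exceptions so the
# script fails closed instead of printing OK after a check silently broke.
$ErrorActionPreference = 'Stop'

function Get-OsBuild {
    # CurrentBuild is the build number, UBR the update build revision that
    # changes with each quality update.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    return [version]('{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)
}

$failed = @()
try {
    if (-not ($MinBuild -or $FilePath -or $RegistryPath)) {
        # An empty argument list must not count as success.
        $failed += 'no check requested'
    }
    if ($MinBuild) {
        $have = Get-OsBuild
        # [version] compares numerically, so 22631.900 sorts below 22631.3447.
        if ($have -lt [version]$MinBuild) { $failed += "build $have is below $MinBuild" }
    }
    if ($FilePath -and -not (Test-Path -LiteralPath $FilePath -PathType Leaf)) {
        $failed += "missing file $FilePath"
    }
    # The Registry:: provider prefix accepts the long HKEY_LOCAL_MACHINE form.
    # In a 32-bit host process, HKLM\SOFTWARE is redirected to WOW6432Node.
    if ($RegistryPath -and -not (Test-Path -LiteralPath "Registry::$RegistryPath")) {
        $failed += "missing key $RegistryPath"
    }
} catch {
    $failed += "error: $($_.Exception.Message)"
}

if ($failed.Count -eq 0) {
    Write-Output 'OK'
    exit 0
}

# Reasons go to stderr so that stdout carries only the one-word verdict.
[Console]::Error.WriteLine($failed -join '; ')
Write-Output 'FAIL'
exit 1
```

Run the script by hand on one patched and one unpatched machine before attaching it to a bulk deployment, as recommended in the Scripts notes.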

Deploy tab overview

After successfully creating a deployment, you can easily monitor and manage it through the Deploy tab. The Deploy tab consists of the following sections:

  • Active Deployments
  • Archives
  • Activity Feed

Active Deployments

The created deployments will be displayed in the Active Deployments section on the home screen of the Deploy tab. This section provides details such as the name, version, platform, creation date, status, and last status update for each deployment.

List of the created deployments

Also, there are options to Archive, Pause, Resume and Delete the deployments. To perform any of these, select the desired deployment and click on Actions.

Options under the Actions tab

Archives

Archived deployments can be found in the Archives section, which shows the deployment name, version, and archived time. From this section, deployments can be deleted or restored.

Section displaying archived deployments

Activity Feed

Detailed information about each deployment can be viewed in the Activity Feed, including the deployment name, version, activity type, and the time when the activity occurred.

To view specific deployment details, select the desired deployment and navigate to the Reports section. Here, you can see device-specific details related to the deployment, such as the device name, platform, action, version, initiation time, completion time, and the deployment status. You can also export and download the report in either PDF or CSV format from this section.


By following the outlined steps, you can streamline the deployment process to meet your organization’s needs, allowing you to create a deployment that instantly deploys a file, certificate, custom script, or an update to a group of devices or group of users.
