On Premise & MDM vs. PolicyPak Cloud FAQ

One of the key features of PolicyPak products is their flexibility. They are designed to fit in with your systems, your workflow, and your existing infrastructure.

The same applies to delivery methods: PolicyPak offers flexibility in how you deliver your settings to the desktops and applications that need managing.

There are two editions of PolicyPak Suite. What’s the difference?

First off, both PolicyPak On-Prem & MDM Edition and PolicyPak Cloud Edition of the PolicyPak Suite contain the same components

These components can deliver, enforce and lock down exactly the same types of settings with either Suite such as:

  • Application settings Policies,
  • Admin Templates Policies,
  • Group Policy Preferences,
  • Security Policies,
  • Browser Router policies
  • Least Privilege policies
  • Java Rules policies

and more !

Your choice of Suite will depend on what kind of computers you’re managing, where they are located, and if you already have a current systems management system in place

# #
#
#
#
#
#
#
#
#

All (or most) all of my computers are domain-joined. What’s best for me?

If all or most the computers you’re working with are domain-joined, PolicyPak Suite (On-Prem & MDM Edition) is best for you.

PolicyPak works with your existing Active Directory and however you currently deliver settings.

So if you use Group Policy, SCCM, Altiris, KACE, Tivoli, or some other delivery method you already love, then PolicyPak On-Prem & MDM is for you.

For your domain-joined machines, you’ll just use the “On-Prem” licensing mechanism and not the MDM licensing method.

And, if you have a handful of non-domain joined machines, then you have two options:

  • If you have an MDM service, just use PolicyPak On-Prem & MDM to manage your handful of non-domain joined machines
  • If you have NO MDM service, then use PolicyPak Cloud to manage you handful of non-domain joined machines

All (or most) of my machines are non-domain-joined computers. What’s best for me?

If you’re a Managed Service Provider, or someone who has to maintain a lot of remote or non-domain-joined machines, PolicyPak Suite (Cloud Edition) is best for you.

That being said, if you are already invested in an MDM service (like Airwatch, Intune or MobileIron) and want to deliver settings to those non-domain joined machines, then you can use PolicyPak On-Prem & MDM.

Either way enables you to deliver, update, enforce and remediate the whole range of PolicyPak Suite settings AND real Microsoft Group Policy settings over the internet – wherever your machines are located.

I have both domain-joined and non-domain joined computers. What’s best for me?

There are three possible ways to go here:

  1. License PolicyPak On-Prem & MDM for your domain joined machines. And if you have an MDM service, also use PolicyPak On-Prem & MDM for your non-domain joined machines.
  2. License PolicyPak On-Prem & MDM for your domain joined machines. If you have NO MDM service, license PolicyPak Cloud for your non-domain joined machines.
  3. License only PolicyPak Cloud for both domain joined and non-domain joined machines.

There is no “right way”; each of these methods work, is valid and is supported.

That being said most customers choose to license both PolicyPak On-Prem & MDM for their domain joined machines and PolicyPak Cloud for their non-domain joined machines.

We can talk about the best licensing method with you if you are unsure which method would be best for you.

Can PolicyPak On-Prem & MDM and/or PolicyPak Cloud be used simultaneously?

Yes.

PolicyPak On-Prem & MDM and PolicyPak Cloud work together perfectly.

As seen in the graphic, policies are targeted specifically, or, are simply merged together. If there’s a conflict, the on-prem directive (say, using Group Policy) wins.

Bonus: when you purchase a PolicyPak Cloud license, you automatically get a PolicyPak On-Prem license. Therefore, you can use either the PolicyPak Cloud to deliver your setting and/or, say, Group Policy or SCCM to deliver your setting (after the computer has consumed a PolicyPak Cloud license).

PolicyPak On-Prem & MDM vs PolicyPak Cloud Decision Tree

#

Use this decision tree to help you decide on how you should license PolicyPak: PolicyPak “On-Prem” method, PolicyPak MDM method, PolicyPak Cloud or a combination.

What happens if computers go offline?

Computers go offline for any number of reasons: loss of connection, being taken off site, airplanes, customer sites, and so on.

Without PolicyPak, you’re immediately out of compliance. If a computer cannot connect to your On-Premise Active Directory or MDM service, it will no longer be in compliance with your directives.

With PolicyPak, your computers are always in compliance. It doesn’t matter if you deliver PolicyPak settings via your own On-Prem Active Directory, your MDM service, or via PolicyPak Cloud.

When a user’s computer goes offline, your machine will stay compliant thanks to PolicyPak.

Key Features
on-premise-mdm-vs-policypak-cloud-faq-15
on-premise-mdm-vs-policypak-cloud-faq-16
Settings delivery
To manage applications settings using:
on-premise-mdm-vs-policypak-cloud-faq-17

Via GPO / SCCM / other

Via Your MDM Service
(Airwatch, Intune, MobileIron)
Group Policy Admin Templates using:
on-premise-mdm-vs-policypak-cloud-faq-18

Via GPO / SCCM / other

Via Your MDM Service
(Airwatch, Intune, MobileIron)
Group Policy Preferences using:
on-premise-mdm-vs-policypak-cloud-faq-19

Via GPO / SCCM / other

Via Your MDM Service
(Airwatch, Intune, MobileIron)
Group Policy Security settings using:
on-premise-mdm-vs-policypak-cloud-faq-20

Via GPO / SCCM / other

Via Your MDM Service
(Airwatch, Intune, MobileIron)
Browser Router settings using:
on-premise-mdm-vs-policypak-cloud-faq-21

Via GPO / SCCM / other

Via Your MDM Service
(Airwatch, Intune, MobileIron)
File Associations Manager Settings using: *
on-premise-mdm-vs-policypak-cloud-faq-22

Via GPO / SCCM / other

Via Your MDM Service
(Airwatch, Intune, MobileIron)
Least Privilege Manager Settings using:
on-premise-mdm-vs-policypak-cloud-faq-23

Via GPO / SCCM / other

Via Your MDM Service
(Airwatch, Intune, MobileIron)
Java Rules Manager Settings using:
on-premise-mdm-vs-policypak-cloud-faq-24

Via GPO / SCCM / other

Via Your MDM Service
(Airwatch, Intune, MobileIron)
Settings delivery to domain-joined machines
Settings delivery to non-domain-joined machines
Compliance retained if machine goes offline
*    This component only operates when endpoint is domain joined