How to add URLs to a Web Content Filter policy seamlessly?

Description

Having intially configured a policy or set of policies and associated it to devices in production environment, there are certain scenarios where you might need to update the policy or the entities such as apps, URLs, security protocols etc, associated with the policy. Consider this scenario where we've deployed an URL filter policy, which permits/restricts certain URLs and tis policy has been associated to devices in the production environment. To know how to add URLs to the policy without affecting your productivity, refer to the steps below:

Pre-requisites

  • Do not modify the Web Content Filter policy distributed to the devices.
  • Do not modify any other policies present in the same profile as the Web Content Filter policy.

Steps

  • On the MDM server, click on Device Mgmt from the top menu and select Groups and Devices from the left pane.
  • Click on Create Group as explained here and add a minimal number of devices to the group. This group will act as the test bed for this enterprise app update. It is recommended to have a few devices enrolled with MDM not being used in production environment, to act as test devices in case of subsequent policy and/or app updates in the future.
  • Once the group is created, click on Profiles from the left pane. Click on the Create Profile and select the require platform.
  • Select Web Content Filter from the left menu and replicate the policy being used in your production environment. 
  • Add the additional URLs to the list of blacklisted/non-blacklisted URLs. Once done, Save and Publish the profile.
  • Distribute this profile to the testbed group as explained here.
  • Once the profiles have been associated successfully, you can have the URL filter tested on these devices.
  • Once tested satisfactorily, you can distribute the updated URL filter policy incrementally to groups, one after one or if you have only one group, select smaller subset of devices in the group and then distribute the profile.
  • Thus, distribute the updated Kiosk profile to all the devices in production environment incrementally.