Creating Offline Freeze rules

The following conditions apply to a device that has been frozen by a Freeze request or an Offline Freeze rule:

• A full screen Freeze message, configured by the user who requested the Freeze, shows on the device. For Windows and Mac devices, if the device user is logged in when the request is initiated, they are immediately logged out and the message shows instead of the Login page. If the device is powered off or in sleep mode, the Freeze is initiated immediately after the device restarts or awakes.

  NOTE  When a frozen Mac device that is encrypted by FileVault is restarted, the Freeze message is not shown until the device user logs in to the device and the file system is decrypted. Although the user is logged in, the device is inaccessible.

• A device user can't dismiss, minimize, or bypass the full-screen message.

• The device's peripheral displays are disabled.

• Remote login to the device is disabled.

• The device's file system is inaccessible via network file sharing (for example, AFP, NFS, or SMB).

Note that the Freeze feature is persistent. The frozen state persists even when the device is restarted, even if it's restarted in safe mode. If a user re-installs the operating system, the device freezes again when the agent self-heals.

Offline Freeze rules are supported on Windows and Mac devices with an active Absolute agent. They are not supported on devices with an open theft report.

NOTE  If the Absolute product license assigned to a policy group does not include support for Freeze actions, the policy group is ineligible for the Offline Freeze rule.

The DFZ component of the Absolute agent is responsible for freezing a policy group's devices. After the rule is activated on the devices, the component triggers a timer to start counting down on each device. With each successful agent check-in, the timer resets. If a device does not check in to the Absolute Monitoring Center before the timer expires, the device freezes and an email notification is sent to the users specified in the rule configuration.

A frozen device remains frozen until one of the following scenarios occurs:

• You submit a Remove Freeze request for the device
• The device's unfreeze code is entered on the device
• You remove the device's policy group from the Offline Freeze rule
• You move the device to a policy group that is not associated with an Offline Freeze rule, and during the move action you select the option to unfreeze it
• You delete or deactivate the Offline Freeze rule

Your account may include a default Offline Freeze rule that is preconfigured as follows:

• The rule is assigned to the Global Policy Group.
• The rule freezes a device if it is offline for more than 30 days and a system default Freeze message shows on the frozen device.

The default Offline Freeze rule is inactive. You can activate it as is, or you can edit it to suit your needs and then activate it. Alternatively, you can delete this rule if it's not needed.

To create an Offline Freeze rule, you need to log in to the Absolute console as a user with the following permissions:

• Manage permissions for Rules
• Perform permissions for Freeze Device and Remove Freeze

You can configure and activate an Offline Freeze rule to automatically freeze devices that remain offline for a specified number of days.

To configure an Offline Freeze rule:

1. On the navigation bar, click and click Rules. The Rules page opens. If a default Offline Freeze rule is configured for your account, it shows on the page.
2. Do one of the following:
   • To edit and activate the default rule (if it's available), click Configure next to the rule.
   • To create and activate a new rule:
     1. Click Create rule.
     2. Click Freeze when device is offline for too long.
        The Freeze offline devices dialog opens.
        
3. Click the title and edit the name of the rule.
4. [Optional] Click Add description and enter a description for this rule.
5. In the If a device doesn't check in for more than <x> days... field, enter the length of the timer in days. The default value is 30 days, but any value up to and including 2000 days is supported. If a device does not contact the Absolute Monitoring Center before the timer elapses, the Absolute agent freezes the device.

6. The Send email field is prepopulated with your email address. Do one of the following:

   • To send email notifications to other users:

   1. Click Edit and click the field to open a selection list of email addresses associated with your account.

   2. Begin entering each email address and then select it from the list. To send alerts to individuals that are not console users, enter their full email address, pressing Enter after each one. To remove an address, click its icon. When you're done, click Close.

   • To disable email notifications entirely, click Edit and remove all email addresses from the field. When you're done, click Close.

     NOTE  When the rule is triggered, an event is logged to the Events page in the History area, but no emails are sent. You may prefer this option if Absolute is integrated with a SIEM application.

7. Click Edit next to Freeze to show the Freeze configuration fields.
   1. Frozen devices show a full screen message to inform the user that their device is frozen and it can't be used. Click the field under Freeze Message and select a message from the drop-down list.
      If you need to create a new Freeze message:
      1. Close the dialog.
      2. On the navigation bar, click > Device Freeze Messages and create a new message. Your new message will be added to the Freeze Message field so you can select it.

   2. Click the Unfreeze Code field and select one of the following options:

      • Generate a random unfreeze code for each device (default option)

      NOTE  After a randomly generated unfreeze code is used to unfreeze a device, the code becomes invalid. Therefore, to ensure that the device can be unfrozen again in the future, the system generates a new code and assigns it to the device.

      • Create a numeric unfreeze code for all devices

   3. Define the format of the code by doing one of the following:
      • If you selected Generate a random unfreeze code for each device, click the Code Length field and select the length of the numeric code. You can select any value between 4 and 8 (default) digits.
      • If you selected Create a numeric unfreeze code for all devices, a random 8 digit code shows in the Custom Passcode field. [Optional] Click the field and enter a custom 4-8 digit value.
8. To select the policy groups A collection of devices to which a set of policies are applied. to assign the rule to:
   1. Click Edit next to Apply to.
   2. Click the field and select each policy group. Any policy groups that are already assigned an Offline Freeze rule are excluded from the list. To remove a policy group, click its icon. When you're done, click outside the field.

If any of the selected policy groups include devices that do not meet the system requirements, those devices are ineligible and will be excluded from the rule.

NOTE  If the Include the following policy groups field isn't visible, you aren't granted sufficient permissions to work with policy groups. To proceed, save the rule and then ask a user with Manage permissions for Policies to edit your rule and assign the applicable policy groups.

9. To activate the rule now, leave the Active slider near the top of the page as is (green background). To activate it later, click the slider to turn it off (gray background).
10. Click Save.

If you activated the rule, it is activated on each device on its next check-in to the Absolute Monitoring Center, at which time the device's Freeze status is set to Conditional - Offline Set. Going forward, if the device remains offline for the number of days specified in the timer, the Absolute agent freezes the device.

To see the Device Freeze status of an individual device, view its Device Details page or the Event History report.

To see the expected freeze date for devices with an active Offline Freeze rule, view the Upcoming Offline Device Freeze report.