Swif.ai provides dedicated MDM policies for Linux devices, giving IT administrators centralized control over configuration, security, and compliance across supported distributions such as
Debian
Ubuntu
Fedora
OpenSUSE
Arch Linux
Manjaro
MX Linux
POP!_OS
Available Policies
Below is a summary of all Linux-specific policies currently available in Swif.ai. All Linux policies can be used for BYOD or for company-owned devices.
Policy | What it controls | Min. OS | BYOD Compatible |
Application Block Policy | Blocklist desktop or CLI applications (by package name or path). Learn more → | Any supported Linux distro | Yes |
Bluetooth Policy | Enable/disable the Bluetooth radio, set discoverability, and pairing rules. Learn more → | Any supported Linux distro | Yes |
Cron Policy | Set every X days to restart a device or set EOD of X date to restart a device. Learn more → | Any supported Linux distro | Yes |
Encryption Recovery Policy | Escrow LUKS/dm-crypt recovery keys & push recovery unlock commands. Learn more → | Any supported Linux distro | Yes |
Firefox Extension Policy | Force-install or block Firefox add-ons, including Swif's Firefox browser extension. Learn more → | Any supported Linux distro | Yes |
Google Chrome Extension Deployment & Blocking Policy | Deploy/block Chrome & Chromium extensions. Learn more → | Any supported Linux distro | Yes |
Remote Desktop (RustDesk) Policy | Initiate an on-demand RDP session from the Swif console. Learn more → | Any supported Linux distro | Yes |
Password Policy | Local account password length, complexity, expiry (PAM) (CLI tools only—KDE password UI not supported). Learn more → | Any supported Linux distro | Yes |
Screen Saver Policy | Idle lock, timeout, DPMS blanking (GNOME, XFCE, MATE, Cinnamon). Learn more → | Any supported Linux distro | Yes |
Software Update Policy | apt/dnf/zypper automatic security patching, deferrals, and reboot window. Learn more → | Any supported Linux distro | Yes |
Tracking Policy | USB port and Device lock. Learn more → | Any supported Linux distro | Yes |
USB Policy | Allow/block removable storage, set read-only, match VID/PID. Learn more → | Any supported Linux distro | Yes |
Wi-Fi Policy | WPA2/WPA3 Enterprise & PSK network profiles, auto-join priorities. Learn more → | Any supported Linux distro | Yes |
Linux Google Login Policy | Enables secure authentication using Google Workspace accounts on managed Linux devices. Learn more → | Any supported Linux distro | Yes |
Linux Azure Login Policy | Enables secure device authentication using Microsoft Entra ID (formerly Azure AD) on managed Linux systems. Learn more → | Ubuntu and Fedora for now. | Yes |
Linux Login Message Policy | Allows administrators to set a custom message that appears on the login screen of supported Linux distributions and desktop environments. Learn more → | Any supported Linux distro | Yes |
Linux RADIUS policy | Instructs enrolled Linux devices to use secure Wi-Fi (WPA2/WPA3 Enterprise) via RADIUS. Learn more → | Any supported Linux distro | Yes |
Linux Remote Desktop Policy | Adds support for remote desktop access on Linux devices (specifically PopOS/Ubuntu-based with GUI) using RuskDesk. Learn more → | Any supported Linux distro | Yes |
Linux Security Logger Policy (AI Security Report) | Vulnerability scanning Learn more → | Any supported Linux distro | Yes |
How These Policies Work
Swif.ai’s Linux MDM policies are applied and enforced via the Swif Agent, ensuring real-time compliance and configuration synchronization.
Policies are deployed automatically after device enrollment.
Any policy drift or non-compliance is flagged in the Swif dashboard.
Administrators can modify or group policies from the Linux Policy Management section in the console.
Requirements
Supported OS: Debian, Ubuntu, Fedora, OpenSUSE, Arch Linux, Manjaro, MX Linux, POP!_OS, NixOS
Swif Agent installed and connected to the management server
Internet connectivity for policy sync and compliance reporting
Quick tips
Encryption Recovery Policy integrates with Swif’s key vault—no more manual LUKS key escrow.
The Application Block payload is package-manager-agnostic (works with
apt,yum/dnf,pacman, etc.).If you need cross-OS parity (e.g., kill USB storage on every endpoint), create identical policies in the macOS and Windows tabs and assign them to the same device group.
Combine Linux policies with Swif.ai’s Compliance Automation to maintain continuous alignment with SOC 2, ISO 27001, and HIPAA requirements across all endpoints.