cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
993
Views
5
Helpful
3
Replies

add Secure Endpoint Exception to Group not entire policy

Davedog
Level 1
Level 1

What is the proper method of applying a custom exception to just a group of computers within a policy?

is there a way to do this without having to clone a policy? that seems to defeat having groups.

1 Accepted Solution

Accepted Solutions

You have to create a separate policy.

That doesn't defeat using groups... groups are the only way to define which boxes get which policy.

What you're wishing for is policy inheritance and override. Maybe someday...

View solution in original post

3 Replies 3

You have to create a separate policy.

That doesn't defeat using groups... groups are the only way to define which boxes get which policy.

What you're wishing for is policy inheritance and override. Maybe someday...

Thank you Ken, 

jesutorr@cisco.com
Cisco Employee
Cisco Employee

Hi Dave, 

At this moment there is no way to apply an exclusion set to only some devices, you can have a generic Test Policy/ Test Group /Test Exclusions Set and move some machines there.
Aside of that, is suggested to have your endpoints segmented in different groups depending on the purpose of the devices there you can have:
-AMER Group Main Group 
--US Group (child)
---US Workstation Group (Child) 
----Design Group (Child)
----Sales Group (Child)
---US Server Group (Child) 
----IT Group (Child)
----AD Group (Child)

So when you want to test some exclusion, that exclusion will apply only to the machines with the same kind of software, in the example if I want to exclude Adobe for the Design team, I don't have to create a clone of the policy because my Adobe exclusion won't affect the servers or the IT Team, it will apply only to the machines I want. 

Is common seeing customers that have only 2 groups, 1 group for all the servers (regardless if they are Active Directory or Web Servers) and another group for all the workstations (regardless if on that group you can find the CEO of the company and the IT machines)

Have a good one!!