Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1301
Views
5
Helpful
3
Replies

add Secure Endpoint Exception to Group not entire policy

Go to solution
Davedog
Level 1
Level 1

‎10-18-2022 05:40 AM

What is the proper method of applying a custom exception to just a group of computers within a policy?

is there a way to do this without having to clone a policy? that seems to defeat having groups.

1 person had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
Ken Stieers
VIP
VIP

‎10-18-2022 05:56 AM

You have to create a separate policy.

That doesn't defeat using groups... groups are the only way to define which boxes get which policy.

What you're wishing for is policy inheritance and override. Maybe someday...

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Ken Stieers
VIP
VIP

‎10-18-2022 05:56 AM

You have to create a separate policy.

That doesn't defeat using groups... groups are the only way to define which boxes get which policy.

What you're wishing for is policy inheritance and override. Maybe someday...

0 Helpful

Go to solution
Davedog
Level 1
Level 1
In response to Ken Stieers

‎10-18-2022 06:10 AM

Thank you Ken, 

0 Helpful

Go to solution
jesutorr@cisco.com
Cisco Employee
Cisco Employee

‎10-18-2022 06:10 AM

Hi Dave, 

At this moment there is no way to apply an exclusion set to only some devices, you can have a generic Test Policy/ Test Group /Test Exclusions Set and move some machines there.
Aside of that, is suggested to have your endpoints segmented in different groups depending on the purpose of the devices there you can have:
-AMER Group Main Group 
--US Group (child)
---US Workstation Group (Child) 
----Design Group (Child)
----Sales Group (Child)
---US Server Group (Child) 
----IT Group (Child)
----AD Group (Child)

So when you want to test some exclusion, that exclusion will apply only to the machines with the same kind of software, in the example if I want to exclude Adobe for the Design team, I don't have to create a clone of the policy because my Adobe exclusion won't affect the servers or the IT Team, it will apply only to the machines I want. 

Is common seeing customers that have only 2 groups, 1 group for all the servers (regardless if they are Active Directory or Web Servers) and another group for all the workstations (regardless if on that group you can find the CEO of the company and the IT machines)

Have a good one!!

0 Helpful
Customers Also Viewed These Support Documents