Web Control Policy

Question

Good afternoon, 
 I have included some websites in Website Management to block personal emails, i.e. Outlook, Gmail, Yahoo Mail etc. 
 I have tagged them as Personal Email, and then created a Web Control policy that blocks the Personal Email tag. 
 As we in IT use Gmail and Outlook to setup accounts for mobile phone users, how can I setup another policy just for us that still block all the mail providers apart from Outlook and Gmail? 
 I did try tagging the Outlook and Gmail as IT as well as Personal Email, then tried allowing IT and blocking Personal Email but must conflict. 
 Kind regards, Dan

Qoosh · Answer

Hello Dan, 
 Thank you for reaching out to the Sophos Community. This inquiry appears to be related to Sophos Central Endpoint so I will be moving it to a different thread. If you feel this was done incorrectly, please let me know. 
 If you&rsquo;re using website tagging to control which sites are permitted/denied, you can create a new Web-Control Policy to be applied to the IT Staff. Ensure that the IT Policy is higher on the list than the User Policy. If the "Base Policy" is being used as your "User Policy", ensure the "IT Policy" is listed just under the "Base Policy". 
 In the IT Policy use the tag tied to the webmail sites and specify the action as "Allow". In the User Policy use the tag tied to the webmail sites and specify the action as "Block". 
 When policy processing occurs, the IT Staff will receive the first policy in the list that applies. If no policies apply to the user that is logged into the device, the "Base Policy" will apply. In the IT Policy, I recommend setting the "Webmail" category to "Allowed" to ensure there are no conflicts. 
 Let me know if this works for you. If you continue to experience issues, let me know by updating this thread. I can reach out to you via DM to request the "Unique ID" for remote assistance, to take a closer look. 
 Cheers,