Sophos Android Enterprise Device only Mode WI-Fi

Question

is it possible to split out the wifi, SCEP and root cert from the restrictions? so can apply 2 policy to a device in enterprise mode? 
 we use android devices in enterprise mode (750) of them, we have restrictions, disabled apps, wifi, root cert and SCEP within 1 policy. when installing certs for wifi config the device prompts to install the user cert, so this means we cannot make a restriction policy change as it re-installs the wifi config and again prompts to install the certificate and wont reconnect to wifi until the button is pressed. 
 so in essence each time we make a restriction change, 750 devices disconnect from the wifi network, as these are healthcare clinical devices this is a major problem. 
 can anyone suggest a way to create a separate wifi config policy which can be applied along side the additional policy requirements. 
 many thanks 
 Keep safe 
 Andy

Jasmin · Accepted Answer

Hi Andrew Mullins 
 Unfortunately, we can't split the restriction configuration and other configuration from policies. Whenever new Android Enterprise device policy or Work policy will be created restriction configuration will by default be added in the policy. 
 You can separate them in the legacy device policy but that is not associated with Android Enterprise.