I'm looking for a paradigm of using Policies and device groups. Could you please tell me what would be the right way of using policy to address next issues.
Here is the problem: We are in process of introducing Sophos MDR in our company and Sophos perform some tests and give us some advises how to organize our policies. In essence we have a lot of Global or Policy Exclusions which apply to all devices in company. On each exclusion we have got advice: Limit the exclusion to a specific device or group of devices.
I have decided to leave Base Policy as it is by default and create new policy for each additional settings or modifications. Those modifications will be applied to certain group of devices and for the rest of them Base Policy will be applied.
Than I have created 2 policies, BarracuaExcclusions and KeyLinkAppExclusions. I have created 2 groups accordingly and associate to those policies.Than I wanted to put computers in each of those groups. Here is the problem. Device can be only in one group. So I wanted that devices A,B,C have BarracudeExclusions but only B and C to have KeyLinkAppExclusions. Moreover, If I want to use policy to block USB on certain devices this complicates story even more. it seams groups cannot be used and that I have to put each device in Policy manually.
Is there a way to have a Default groups? For example: I want to block USB on each new device which has been added automatically and that policy is applied on some default devices group?
How do you handle problem like this? So I want to have base policy intact, each new changes are in new policies. How do you maintain settings in those policies later on ? Imagine, we have 10 Threat Policies each of them are applied on certain devices. If there is a need to change some "shared property" in policy, we would have to do it manually in 10 places, isn't it?
So in essence I need a practical example of policy usage which can address issues mentioned above.
Thank you in advance,
[edited by: Gladys at 3:05 AM (GMT -7) on 28 Apr 2023]