Sophos Central Partner - Best Practices for Global Templates

As a partner, for endpoint protection, it's quick and easy to add, under Global Templates, a template and within that, Global Settings or Base Policies and allow/deny things across our customer base. However this isn't conducive for customer specific settings.

If we were to be granular, since there is a Global Template applied, we would have to create a clone of a template within the Customer Central, then, since the policy wouldn't apply to anyone, select users or groups...But first setup sync to their AD first so their groups would sync (otherwise the tedious management of every time a user is added across our tenants - some 7000 users?!?). 

I've had situations, where we can remove a customer from the partner global template, then edit and add them back and settings stick.  I've had other times when settings are removed.  It's not consistent.  Or maybe it is but I've never seen any documentation of what's preserved vs overwritten.

I'm going to hazard a guess that the recommended practices is to get as granular as possible, but where does Sophos make this even somewhat manageable for partners with a large number of users?

If a Global template had a child "global settings" and "child policies" that we could create under our customers, that would be nifty (like what's already done with Firewalls).

I appreciate your input.

Thank you,
David



Added tags
[edited by: Gladys at 6:01 AM (GMT -8) on 6 Dec 2023]