Managing policy groups

Permissions

To work with custom policy groups, you need to log in to the Secure Endpoint Console as a user with Manage permissions for Policies.

To delete a policy group that is used by an Action rule, you must also be granted the Manage permission for Rules.

Editing policy groups

You can update the name and description of a custom policy group.

To edit a policy group's properties:

On the navigation bar, click Policies > Policy Groups.
On the Policy Groups sidebar, click the policy group that you want to update. The policy group opens in the work area.
To change the name of the policy group, click the name and enter a new name.
To change the description of the policy group, click the description field and enter a new description.
Your changes are auto-saved.

Your changes are auto-saved, and a Policy group updated event is logged to Event History.

Updating policy group membership

You can change a policy group's devices by adding devices or removing devices.

There are two ways to add devices to a policy group:

Open a policy group and add devices
Select devices in a report and change their policy group

There are also two ways remove devices from a policy group:

Select devices in a report and change their policy group
Delete the policy group

Deleting policy groups

If one or more custom policy groups are no longer applicable or required, you can delete them. All devices that were associated with the deleted policy group are moved to the Global Policy Group, and the Global Policy Group's activated policies and Offline Freeze rule are applied to each device.

Note the following considerations:

If automatic agent updates are disabled, and the agent version assigned to the Global Policy Group is lower than that of the deleted policy group, the agent on each device will be downgraded to the lower version. Note that depending on the two agent versions involved, some functionality may be lost. For more information about the features, improvements, and fixes introduced in each agent version, see the agent release notes.

If the Playbooks policy is enabled in both the deleted policy group and the Global Policy Group, each device may need to restart three times to complete the downgrade of the device's PER component.
If you delete a policy group that is used by an Action rule:
- The rule is deactivated, and a Rule updated event is logged to Event History.
- In the Policies > Rules area, the rule shows a icon to indicate that an item used by the rule has been deleted. Edit the rule and replace the deleted group with another group.
To delete a policy group that is used by an Action rule, your user role must be granted the Manage permission for Rules.
If an Offline Freeze rule isn't activated in the Global Policy Group, deleting a policy group with an activated Offline Freeze rule has the following effect:
- The rule is deactivated on the device.
- Any of the policy group's devices that are frozen by the rule will remain frozen.
  To unfreeze the device, go to the Device Freeze Status report and submit a Remove Freeze request.
To delete a policy group in this scenario, your user role must be granted Perform permissions for Remove Freeze.

To delete a policy group:

On the navigation bar, click Policies > Policy Groups.
On the Policy Groups sidebar, click the policy group that you want to delete. The policy group opens in the work area.
Click and click Delete. The policy group is removed from the sidebar, and a Policy group deleted event is logged to Event History.