Managing endpoint policy priority levels
An endpoint may be eligible for multiple endpoint policies. When an endpoint is eligible for multiple endpoint policies, the following factors determine which endpoint policy EMS applies to the endpoint:
- EMS only applies endpoint policies to endpoints if they are enabled on the Endpoint Policy & Components Manage Policies page.
- If an endpoint is eligible for multiple enabled endpoint policies, EMS applies the policy with the highest priority to the endpoint.
To change endpoint policy priority levels:
- Go to Endpoint Policy & Components Manage Policies.
- Click Change Priority.
- Click and hold the policy name, then drag to the desired position.
- Click Save Priority.
In the examples, there are three endpoint policies:
Name |
Endpoint groups |
Priority level |
---|---|---|
Seattle_general |
All Groups/Seattle |
1 |
SF_general |
All Groups/SF |
2 |
Seattle_HR |
All Groups/Seattle/HR |
3 |
In this example, all three policies are enabled. The All Groups/Seattle/HR subgroup is eligible for both the Seattle_general and Seattle_HR policies. In this scenario, EMS applies the first eligible endpoint policy, Seattle_general, to the All Groups/Seattle/HR subgroup.
In this example, the Seattle_general endpoint policy has been disabled. The All Groups/Seattle/HR group is still eligible for both policies. Since the Seattle_general policy is disabled, EMS applies Seattle_HR to the All Groups/Seattle/HR group.
Consider that you then make the following changes:
- Enable Seattle_general
- Move policies so that they have the following priorities:
- SF_general: 1
- Seattle_HR: 2
- Seattle_general: 3
In this example, the All Groups/Seattle/HR group is eligible for two policies: Seattle_HR and Seattle_general. Since Seattle_HR comes before Seattle_general in the priority list, EMS applies Seattle_HR to All Groups/Seattle/HR.
Even though SF_general is set to priority 1, EMS does not apply it to All Groups/Seattle/HR, since All Groups/Seattle/HR is not eligible for that policy.
To change policy priority levels via a text file:
- Go to Endpoint Policy & Components > Manage Policies.
- Click Change Priority.
- Click Bulk Policy Order Update. This option is only available if you have multiple non-default policies configured.
- Click Export.
- Open the downloaded text file. The file lists the policies in their configured priority levels. Edit the order as desired and save.
- Click Next.
- Browse to and import the updated text file. The priority levels update in EMS.