Views:

Configure assignments and priorities to assign policies to your endpoint groups.

Important
Important
  • Assignments is a "Pre-release" feature and is not considered an official release. Please review the Pre-Release Disclaimer before using the feature.
  • This feature is not available in all regions.
  • Configure policies before creating assignments.
  • Trend Micro recommends configuring the Default Assignment.
  • If this is your first time using the new Endpoint Security Policies, please read Before you enroll. This version of Endpoint Security Policies is an updated and improved version which integrates most features from Standard Endpoint Protection and Server & Workload Protection. However, support for some features is still under development. Review Before you enroll to avoid any potential interruption to your security environment.
  • Enrolling your endpoint groups overwrites any policies assigned to the endpoints by the Protection Manager.
Create and edit assignments and priorities to apply policies to your endpoint groups.

Procedure

  1. In the Trend Vision One console, go to Endpoint SecurityEndpoint Security ConfigurationEndpoint Security PoliciesAssignments.
  2. Create or edit an assignment.
    • To create an assignment, click Add assignment.
    • To edit an assignment, click the assignment name.
  3. Specify the Name.
  4. Select the Endpoint groups to add to the assignment.
    1. Click the edit icon (edit_icon=GUID-1F1D1164-5310-4D6D-ACD0-6049C86960AF.png).
      The Select endpoint group window appears.
    2. Locate and select the endpoint groups you want to add.
      Expand endpoint groups view your group structure and locate child groups. Use the search to find groups by name.
      Note
      Note
      • You can add child groups to a different assignment than the parent group.
      • You can remove endpoint groups from the assignment by clearing the selection.
      • Endpoint groups not added to an assignment you create are added to the Default Assignment.
      • You cannot remove endpoint groups from the Default Assignment using the Select endpoint group window.
    3. Click Select.
  5. Configure the Base priority.
    1. Select the policy to apply to the Base priority.
      Note
      Note
      The criteria for the base priority is All endpoints and cannot be changed. Endpoints which do not match any other priority in the assignment use the base priority.
  6. To add a priority, click Add priority and specify a name.
    You can add up to fifteen priorities. If an endpoint matches more than one priority, the endpoint applies the policy of the highest ranking priority (Priority 1 is highest, Priority 15 is lowest). Endpoints that do not match any priority use the base priority.
  7. To rename a priority, click the options icon (options=ddb0b67f-0654-4aa5-8bc7-48ec554c5448.png) and select Rename.
  8. To delete a priority, click the options icon (options=ddb0b67f-0654-4aa5-8bc7-48ec554c5448.png) and select Delete.
    Note
    Note
    You cannot delete the Base priority.
  9. To change the order of a priority, click and drag the priority to the desired order.
  10. Configure the priority.
    1. Click the priority name to edit the configuration.
    2. Select the Criteria.
      • Endpoint name: Apply the policy to any endpoint with a name that contains at least one specified value. For example, the value Sample matches endpoints with the names Sample1, Sample2, and 25Sample. The value does not match Sam.
      • Operating system: Apply the policy to any endpoint with the specified OS. Click the edit icon () to select the OS. You can specify a specific OS version (such as Windows 11) or OS family (such as Linux).
      • IP range: Apply the policy to any endpoint within the specified IP range. You can specify up to three IP ranges.
    3. Click Add criteria to add additional criteria.
      You can specify up to three criteria. Criteria uses AND logic. For example, if you select Windows for the operating system and Endpoint name Sample, the priority applies to an endpoint named Sample11 that has Windows 11 installed. The priority does not apply to an endpoint named Sample15 that has macOS 15 installed.
      Important
      Important
      To prevent creating a priority that cannot apply to any of your endpoints, Trend Micro recommends only using a criteria type once. For example, do not select IP range for Criteria 1 and Criteria 2. Since endpoints only have one IP address, two sets of ranges cause the priority to not match any endpoints.
    4. Select the Policy to apply to endpoints that match the priority criteria.
  11. Click Save.