Review the supported features for Endpoint Security Polices before enrolling your endpoint groups.
 |
Important
|
Enrolling your Protection Manager endpoint groups in Endpoint Security Policies allows
central management of protection features across your managed endpoints. You can configure
reusable settings in Policy Resources and apply policies to priorities across multiple
assignments.
Endpoint Security Policies combines and simplifies the endpoint security options from
Standard Endpoint Protection and Server & Workload Protection to provide consistent
protection across your agent deployments. To learn more about how features from Standard
Endpoint Protection and Server & Workload Protection have been merged into Endpoint
Security Policies, see Endpoint protection module feature mapping.
Some features have support extended across the Protection Managers to provide a consistent
security experience. Support for some features is under development and might not
apply to all configurations and deployment types. For more information about feature
support, see Endpoint Security Policy feature support requirements.
Before you enroll your Protection Manager endpoint groups into Endpoint Security Policy,
there are some additional behaviors and limitations to consider.
-
Enrollment applies to any endpoint group added to an assignment you choose to activate enrollment on. Enrollment applies at the endpoint group level, and does not affect other endpoints or endpoint groups on the same Protection Manager as targeted groups. Enrolling an endpoint group into Endpoint Security Policies only affects the endpoints assigned to that group.Ensure that any endpoints you do not want to enroll in Endpoint Security Policies are not included in any endpoint group targerted by an enrolled assignment.
-
Enrolling an endpoint group overwrites the Protection Manager policy settings on targeted endpoint agents. Endpoint agents do not retain the Protection Manager policy settings, and removed from any Protection Manager policy that uses "Filter by Criteria" or "Specify Targets" for targeting endpoints.Review the policy settings in the Protection Manager and compare with your assigned policies in Endpoint Security Policies to ensure the features you want to use are supported and configured to avoid any interruption in your environment.If any endpoints in the endpoint group have an assigned Version Control Policy using the Protection Manager policy as a criteria, the enrolled endpoints no longer match the criteria. The endpoints might match other criteria in the policy or utilize the base priority. You might need to reconfigure your Version Control Policies after enrolling in Endpoint Security Policies to ensure your endpoints maintain the same update controls.
-
Endpoint Security Policies provides limited support for connected endpoint protection product such as Trend Micro Apex Central or Trend Cloud One - Endpoint & Workload Security. Endpoint Security Policies can manage the Endpoint Sensor settings, if installed, but connected products are unable to apply the security module settings from the assigned policy.Enrolling connected products that have not been updated to Trend Vision One Endpoint Security might cause unexpected behavior, such as the Agent Interface failing to load or update information.
-
If you choose to unenroll and endpoint group, affected endpoints might not automatically return to the previously assigned Protection Manager policies.
-
Standard Endpoint Protection endpoints assigned a policy using the "specify targets" criteria are no longer included in the target list. Endpoints might match other policy criteria and apply a different policy, display an incorrect policy, or fall into "endpoints without policies."
Tip
To ensure endpoints are assigned an appropriate policy if you decided to unenroll from Endpoint Security policies, Trend Micro recommends creating a policy using "Filter by Criteria" to target the endpoint groups you plan to enroll. -
Server & Workload Protection endpoints retain the Endpoint Security Policy settings until assigned a policy manually or by using an assign policy action.
-