Creating a New Policy


Each managed product provides different policy settings that you can configure and deploy to policy targets. You can find a complete list of supported managed products and the policy settings for each in the Apex Central as a Service Widget and Policy Management Guide.

You can download a PDF version of the guide, or view the guide online, using the following link:

  1. Go to Policies > Policy Management.

    The Policy Management screen appears.

  2. Select the type of product settings from the Product list.

    The screen refreshes to display policies created for the selected managed product.

    For more information about configuring policy settings for specific managed products, see the Apex Central Widget and Policy Management Guide.

  3. Click Create.

    The Create Policy screen appears.

  4. Type a policy name.
  5. Specify targets.

    Apex Central provides several target selection methods that affect how a policy works.


    To include a managed product or endpoint as a target, make sure the product version of the managed product or endpoint supports policy management in Apex Central. The Policy Template Settings screen (Policies > Policy Resources > Policy Template Settings) contains information about supported product versions.

    The policy list arranges the policy targets in the following order:

    • Specify Targets: Use this option to select specific endpoints or managed products.

    • Filter by Criteria: Use this option to allocate endpoints automatically based on the filtering criteria.

    • None (Draft only): Use this option to save the policy as a draft without choosing any targets.

  6. Click a managed product feature to expand it and configure its settings. Repeat this step to configure all features.
    • Each feature has a link to a Help topic that discusses the feature and how to use it.

    • For certain product settings, Apex Central needs to obtain specific setting options from the managed products. If administrators select multiple targets for a policy, Apex Central can only obtain the setting options from the first selected target. To ensure a successful policy deployment, make sure the product settings are synchronized across the targets.

    • If you are creating a policy for Apex One Security Agent that you want to act as a parent to a future child policy, configure settings that can be inherited, customized, or extended on the child policy.

  7. Click Deploy or Save.

    If you clicked Deploy, Apex Central starts the deployment. The deployed policy appears in the list on the Policy Management screen. It usually takes a few minutes for Apex Central to deploy the policy to the targets.

    Click Refresh on the Policy Management screen to update the status information in the policy list. If the status of the deployment remains pending after an extended period of time, there might be issues with the targets. Check if there is a connection between Apex Central and the targets. Also check if the targets are working properly.

    Once Apex Central deploys a policy to the targets, the settings defined in the policy overwrite the existing settings in the targets. Apex Central enforces the policy settings in the targets every 24 hours. Although local administrators can make changes to the settings from the managed product console, the changes are overwritten every time Apex Central enforces the policy settings.

    • Apex Central enforces the policy settings on the targets every 24 hours. Since policy enforcement only occurs every 24 hours, the product settings in the targets may not align with the policy settings if local administrators make changes through the managed product console between the enforcement period.

    • Policy settings deployed to IMSVA servers take priority over the existing settings on the target servers instead of overwriting them. IMSVA servers save these policy settings on the top of the list.

    • If an Apex One Security Agent assigned with a Apex Central policy has been moved to another Apex One domain, the agent settings will temporarily change to the ones defined by that Apex One domain. Once Apex Central enforces the policy again, the agent settings will comply with the policy settings.