Assign policies to administrators, users, and groups

You can assign user policies to any number of groups, administrators, and users, but each administrator and user can have only one user policy of each type assigned to them. A policy assigned directly to a user or administrator takes precedence over policies assigned to groups that the user or administrator belongs to. If no policy is assigned directly to an administrator or user and the administrator or user belongs to two or more groups that are assigned different policies of the same type, the highest ranked of the assigned polices is applied to the administrator and user.
Each login to the management console is evaluated against the policies that are assigned to administrators and users, in order, until a policy that is assigned matches. If no policy is assigned to the administrator or user directly, or through a group that they are a member of, the default policy is applied and they can only sign in to the Endpoint Defense console using their Endpoint Defense password. The enhanced authentication policies are applied to administrators and users in this order:
  • User policy app exceptions
  • User policy
  • Tenant app policy
  • Default policy
Create one or more of these policies:
  1. On the menu bar, click Policies > User Policy.
  2. Select the tab for the policy that you want to assign.
  3. Click the name of the policy that you want to assign.
  4. Click Assigned Users and Groups.
  5. Click Add user or group.
  6. Click the User tab.
  7. Enter a user name. By default, a maximum of 50 search results are returned. Refine your search when more than 50 search results are returned.
    Administrator accounts include a The Administrators icon icon. In some scenarios, you might see two user accounts for one user, an administrator account and an Active Directory user account.
  8. Select one or more names from the search results, and then click Add.
    You can also assign policies to a user on the user configuration page
  9. Click the User Group tab.
  10. Enter the group name that you want to add. By default, a maximum of 50 search results are returned. Refine your search when more than 50 search results are returned.
  11. Select one or more names from the search results, and then click Add.
    You can also assign policies to a group on the group settings page.
  12. To unassign the policy from a user or group, select the users and groups that you want to unassign the policy for and click Remove.