Learn about new zones and their benefits before you replace legacy zones with them.

In July 2024, a new design of zone rules was introduced to expand functionality and improve ease-of-use for grouping endpoint devices in the console. All zones created after this date leverage saved device queries as zone rules. Zones that use legacy zone rules continue to operate such that applied policies and membership can be changed, but you cannot modify their zone rules. You should create new zones to replace legacy zones as soon as possible to enjoy its benefits.

Zones are used in these ways:

• Group devices logically based on similar characteristics
• Assign device policies to groups of devices
• Manage assets by zone managers and users
• Manage Aurora Protect and Focus agent updates
• Deploy packages to collect data from Focus devices
• Assign a specific threat priority for threats to devices in the zone
• Manage exceptions for Behavior Detection Engine rulesets.
• Filter queries for threat hunting

These are the benefits of new zones:

• Leverages saved device queries for more search fields and greater flexibility and improved matching when creating zone rules for asset management
• Option to automatically remove devices from a zone when they no longer meet the Zone Rule criteria
• Visibility into how a device was added to a zone, such as whether it was added automatically by the Zone Rule criteria or manually
• Ability to preview the devices that will be added to a zone by using saved device queries from the new Device Grid view, before using them as a zone rule
• Device queries can be saved with a logical name, allowing you to quickly find and use them for daily asset management activities
• Future enhancements will focus on expanding the capabilities of new zones and rules