Overview:
Organize endpoints of a Site in Groups to manage endpoints easily and consistently. A Group has one policy and shared exclusions, blocklist items, Firewall, Device Control, and Configurable Network Quarantine rules, and more.
A Group can be in only one Site because it contains the endpoints of a specific Site.
Group Types
Pinned Group - Select the endpoints that go in this Group. Endpoints are pinned to this Group and do not automatically move to other Groups.
Use this when: You want endpoints to have a specific policy and NOT to move to a Dynamic Group automatically. You can move endpoints from Dynamic Groups to Pinned Groups. You can assign endpoints to a Pinned Group on Agent installation with a Group Token.
Manual Group (previously called Static Group) - Select the endpoints that go in this Group. Endpoints move automatically from this Group to a Dynamic Group if they match a Dynamic Group filter.
Use this when: You want endpoints to move to a Dynamic Group if they match a Dynamic Group filter. You can assign endpoints to a Manual Group on Agent installation with a Group Token. Use a Pinned Group instead if you want to make sure that endpoints stay in the Group.
Dynamic Group - Create an endpoint filter for this Group. All endpoints that match the filter automatically move to this Group, except for endpoints in Pinned Groups. Set the priority for each Dynamic Group in Group Rankings. If an endpoint matches the filter for more than one Dynamic Group, it goes to the Group that has the highest ranking.
Use this when: You want to apply a specific policy based on the current endpoint attributes. The endpoint can move automatically between Dynamic Groups, or back to the Default Group if the Dynamic Group is deleted or no other Dynamic Group fits the endpoint. You can move endpoints from Dynamic Groups to Pinned Groups.
Moving Endpoints Between Groups
Current Group Type | Can Move To |
Dynamic Group | Manually to a Pinned Group Dynamically to a different Dynamic Group if its properties change or if a different Group that it matches has a higher Group Ranking. |
Manual Group | Manually to a different Manual Group or a Pinned Group Dynamically to a Dynamic Group |
Pinned Group | Manually to a different Pinned Group or a Manual Group |
Please note:
If you want an Endpoint in a Pinned Group to move to a Dynamic Group, first move it to a Manual Group and then it will move dynamically to the highest ranking Dynamic Group that it matches.
How to Create a Group:
At the top left of the Console, click the arrow to open the Scopes panel and select a scope.
You must select a Site.
In the sidebar, click Sentinels. Endpoints opens.
Click Group > New Group.
The Add New Group wizard opens.
In Group Name, enter a descriptive name for the group. The name must be unique in the Site.
Click Next.
In Group Type, select the type of Group: Manual Group, Dynamic Group, or Pinned Group.
If you select Dynamic Group, select the filter set. Click Next.
Best Practice: To create a Dynamic Group, first save the filter set.
In Group Policy, see the settings of the inherited policy.
If the Site has a policy, the Group inherits the Site policy settings. If the Site uses the Account or Global policy, the Group inherits those policy settings.
If you want this Group to have a different policy, click Change Policy, change the settings, and click Save.
Scroll down and click Create Group.
Click Done.