You can add and edit policies to apply to resources in your Zero Trust Network Access (ZTNA) setup.

Policies let you give users access to resources and set conditions for access.

  • You assign policies to resources (web apps, web pages, and local apps), not users.
  • A policy lets you decide how apps are accessed and sets conditions for access.

You don't use policies to decide which user groups can access resources. You do that when you add the resources to ZTNA.

Agent-based and agentless access

You can use either an agentless or agent-based policy.

  • Agentless: This can only control access to web apps and pages, not local apps. It can't check device health.
  • Agent: This is more flexible. It can check device health and control access to all types of resources. You must install the Sophos Endpoint agent on your devices. This stops potentially infected devices from accessing your resources.

Agent-based policies and resources won't work until you've installed the agent on your users' devices.

If you don't already have the agent installed, go to ZTNA > Policies and click Request agent. Sophos alerts you when the agent is available. You can then install it. See Install Agent.

Add Policy

Go to ZTNA > Policies > Add policy.

For step-by-step instructions on creating policies, see Add policies.