Skip to content

Base Policies

Each feature has a base policy. Sophos provides this policy and initially it applies to all users (and devices) or all servers.

If you're new to policies, read this page to find out how base policies work.

What is a policy?

A policy is a set of options that Sophos Central applies to protected users, devices or servers.

There is a policy for each product, or for a feature that’s part of a product (for example, there is a policy for the application control feature).

Users, devices and servers have separate policies.

What is a global base policy?

For some features, like threat protection, Sophos configures the base policy with the best practice settings. You can leave it unchanged if you want to.

For other features, like application control or peripheral control, which are more specific to your network, you must edit the policy to set up the feature.

The base policy is always available and is used if you don't have other policies activated.

Note

You can't disable or delete the base policy.

What is in each global base policy?

A global base policy lets you:

  • Configure base policy settings for your customers.
  • Specify which customers the policy applies to. You do this using a Global Template.

Note

Customer administrators won't be able to change any of the base policies shown here.

Which base policies can I set globally?

You can grant permissions so that Intercept X Advanced with XDR or Intercept X Advanced for Server with XDR gives complete protection for your customers. See XDR Overview.

You can set up a base policy for Email Security. See Email Security.

You can set up a base policy for Device Encryption. See Encryption: Device Encryption.

You can set up base policies for Endpoint Protection.

You can set up base policies for Server Protection.