General policy recommendations
When you install Sophos Enterprise Console, default policies are created for you. These policies are applied to any groups you create. The default policies are designed to provide effective levels of protection. If you want to use features like network access control, patch, application control, data control, device control, or tamper protection, you need to create new policies or change the default policies. When setting up policies, consider the following:
- Use default settings within a policy when possible.
- Consider the role of the computer when changing default policy settings or creating new policies (e.g. desktop or server).
- Use Sophos Enterprise Console for all central policy settings, and set options in Sophos Enterprise Console instead of on the computer itself when possible.
- Set options on the computer itself only when requiring temporary configuration for that computer or for items that cannot be configured centrally, such as advanced scanning options.
- Create a separate group and policy for computers that require long-term special configuration.