Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=set-up-policies

Set up policies

Sophos Central automatically applies “base” or default policies to all devices where you install our software.

These policies give the recommended protection against threats immediately. You don't have to change or add policies if you don't want to.

However, you might want to add additional or custom policies. For example, you might want to use different settings for specific users.

There are separate policies for endpoint computers and servers.

To add a policy, do as follows:

  1. Go to the product you want to add policies for. For example, go to Endpoint Protection > Policies.

  2. For each product feature, a Base Policy is applied until you’ve added and applied another policy. Click Add Policy in the upper right.

    Screenshot of Policies page.

  3. In Add Policy, do as follows.

    1. Select the Feature. In this example, we've selected Peripheral Control.
    2. Select the Type. In this example, we've selected a User policy, which applies to users whichever device they're using.

    Then click Continue.

    Screenshot of Add Policy page.

  4. In the new policy page, enter a policy name. Then select the users you want to apply the policy to and move them to the Assigned Users list.

    Screenshot of assigned users list.

  5. Click the Settings tab to configure the policy. Edit the settings and click Save to apply the policy.

    Screenshot of Peripheral Control policy settings.

  6. On the Policies page, you can now see a new policy and the number of users or computers it applies to.

    Screenshot of Policies page with new policy.

  7. Check the order your policies are in. We apply the policies in each section in the order shown on the Policies page.

    Drag your most specific policies, such as those for specific users, to the top so that they're applied first.

Later you might want to check which policy or policies have been applied to a computer. To do this, go to Computers, click the computer name, and look in the Policies tab.