Policy Inheritance FAQ

This FAQ will address common questions we have heard or think you may have about Policy Inheritance. If you don’t see your question here feel free to ask us! We hope this will be helpful as we roll out this new feature.

New to Policy Inheritance? We’ve got a doc for that! Read all about the new feature HERE!

Will I have to rework my policies as soon as Policy Inheritance goes live?

No, when your account is migrated to policy inheritance you will be moved to the new system without any policy changes taking effect. Here is specifically how this works:

  1. We will scan each customer’s assets to obtain a list of policies used by each customer
  2. We will create subfolders underneath each customer’s parent directory matching each policy name
  3. Each subfolder we create will have its respective policy assigned to them
  4. Each asset will be moved into their respective folder

This means everything is now on the new system, but individual assets will still have the identical policy structure as before. Most users will want to restructure their policy management with all the additional power that Policy Inheritance provides, but you can do this at your leisure.

Will the way I create policies differ with Policy Inheritance?

Slightly, yes. We’ve created a new policy builder designed to better organize the wide array of policy-based items we offer, as well as to better showcase what the policy does, and what the policy doesn’t do.

So while the UI for creating a policy will look different, the actual policy items and their functionality remain identical to how they behaved prior.

Is there any new functionality added to the policies themselves?

While Policy Inheritance brings a litany of changes greatly increasing the power of policy management as a whole, policies themselves offer just have two core changes:

  1. Policies will now use a new policy builder which offers better organization and a clearer picture of what is enabled on any given policy
  2. You can now add items to a policy in a disabled state. In the previous policy management model, disabled items were simply ignored. Now, disabled items can and will override the same policy settings that exist higher up in the inheritance tree. To ignore a policy item, you can simply omit it from the policy entirely.

What else will be affected as a result of Policy Inheritance?

There is only one thing that has been officially deprecated as a result, and that is the RMM Package flow which was only used by a handful of our users. There are several flows that are changing, however, that you should be aware of.

  1. Saved Asset Searches using a policy as a filter, and Recurring Invoices using a Saved Asset Search using a policy as a filter will continue to function for 30 days after release at which time they’ll require you to update them so they will continue to work. We will be adding the ability to select any given customer and their subsequent policy folder as an updated option to both Saved Asset Searches and to Recurring Invoices. There won’t be a way to target specific policies anymore, as assets and policies no longer hold a one-to-one relationship.
  1. Automated Remediation using a Policy as a condition will no longer work. We will be adding the ability to select any given customer, and their subsequent policy folder as an available condition instead. There won’t be a way to target specific policies anymore as a condition, as assets and policies no longer hold a one-to-one relationship.
  1. The “Policy” column will no longer be available on the Asset index page.
  1. Creating an installer will now require you to select a customer and a respective policy folder.
  1. Old agent installers will no longer work, so if you host them or use them for your technicians on a USB stick they carry around, these will need to be updated.
  1. You will no longer be able to create individual asset overrides on the asset record’s “Monitoring” tab. All overrides should be handled directly within policies now.

How many policies can be assigned to each folder?

You can assign one policy to the top-level folder, each subfolder, and to the asset directly. Those will all be merged into a single unit called an “effective policy.”

How many policy subfolders can I create?

You can go 5 subfolders deep underneath each customer’s top-level folder. There are no limits to how many folders you can have within any given subfolder level.

If I want to go back to the old policy model, can I?

No, once the Policy Inheritance rollout is complete, this will be the only method of managing policies going forward.

Can I override policy items?

Yes, this is now possible. Previously, our policy model had two states. If an item was checked, it was enabled. If it was unchecked, it was disabled. Now policies have three states:

  1. Enabled - When a policy item is added to a policy, and subsequently checked
  2. Disabled - When a policy item is added to a policy, and subsequently unchecked
  3. Not Considered - When a policy item is not added to a policy

Is there a recommended best practice for setting up my policies?

This is largely dependent on your customer base, your specific MSP model, and how you have things currently structured. Typically, you’ll want to create a “top-level policy,” which is comprised of all of the policy items you want to use universally across all assets without exception. So if you require 100% of your assets to monitor for SMART failures, or have BitDefender installed, this should go into your top-level policy and be assigned to each customer’s top-level folder.

Everything else should be structured based on exceptions. For instance, if you have specific needs for workstations, and specific needs for servers, create a folder and policy for each, and whatever is specific to each group which isn’t already encompassed in your top-level policy, should make up your respective “Workstation” and “Server” policies.

Does Policy Inheritance allow for simplified recurring billing?

It absolutely does. We’ve added the ability to bill by each specific customer’s policy folder, meaning if you want to bill $150 for each asset contained in a particular customer’s “Server” folder, and $100 for each asset contained in their “Workstation” folder, Policy Inheritance now allows for this. Best of all, these assets are dynamically counted at the time the Recurring Invoice fires. So you can freely add or remove assets from these folders and the customer will always be billed for exact usage. No more losing money to paperwork errors!

What will happen to my old installers if I use them with Policy Inheritance?

We highly recommend everyone stop using their old installers when Policy Inheritance is brought live.

If you deploy an asset using an installer created prior to Policy Inheritance rolling out, these will get installed above the top-level folder on any given customer, meaning they will deploy without a policy assigned and will require that you manually move them into the desired folder post-installation.

Why can’t I manage assets from the policy assignment tab?

The policy-assignment page is designed exclusively to manage policies, not to manage assets. So displaying asset-specific information, quick views, and quick actions is not available on this page. For your convenience, there is a “View Asset” button that will open the asset record in a new tab, and you can manage it from there. Otherwise, the Asset index page works the same as it always has for managing assets.

I need to bulk move assets to another folder, can I do this?

Yes! You can use the shift key (select all assets in between a starting and ending point) or the control key (select multiple assets one by one) to bulk select assets. Once selected, you can drag them as a group, or you can use the “Move” button to select a folder when your structure is too large to be conducive to using the normal drag-and-drop method.

I currently have a bunch of recurring invoices using RMM Packages, what’s the best way to reconfigure those for use with Policy Inheritance?

In many cases we’ve found folks billing for RMM Package line items when they didn’t need to be, meaning you could be using the dynamic asset counters instead. If that’s the case, you can simply start using the Asset Counter line item instead.

If you have a mix of assets being billed for differing amounts on each customer, you can ensure these will continue to work using a combination of asset saved searches and custom fields. You can flag each asset with a type (e.g. “Bronze,” “Silver,” and “Gold”) using a custom field. Then you can set up Saved Asset Searches using the custom field as a criterion, and bill against those dynamically using the Asset Counter line item in conjunction with your newly created Saved Asset Search.

Lastly, we will be introducing an updated billing mechanic with Policy Inheritance, but this won’t be live until the feature rolls out. This will allow you to select a specific policy folder, count the assets within that folder, and bill accordingly using the new “Policy Folder” line item type. If you have multiple asset types you want to bill against, you can simply add multiple “Policy Folder” line items to your recurring invoice.

Can I still override items in the asset’s monitoring tab?

No. The new way of overriding something would be to place the asset into an applicable folder with a policy that overrides the desired setting(s), or to apply said policy directly to an asset.

Note that if you have current overrides in place for any given asset, those will still remain in place. We highly encourage you to update those, however, as this existing override mechanic will be deprecated at a future date.

Is there a way to bulk assign or update the policy on the top-level folder across all customers?

Yes, eventually. We will provide more information on this at a later date.

I am trying to delete a policy and it says I can’t because it’s currently in use, but I can’t find it anywhere. What do I do?

This can happen if you have assets assigned to an archived customer. If you go to the Customers tab > Customer Modules dropdown > Show Archived item, you can check through your archived customers to verify which might have the affected assets assigned and adjust them accordingly.