We’ve updated policy management to make device configurations safer and more predictable.

What’s new

• One policy per type, per device
  A device can now only have one policy of a given type (for example, one Disk Encryption policy, one Firewall policy) at a time. This reduces configuration conflicts and unexpected behavior.

• Automatic overrides when assigning new policies
  When you assign a new policy of a type that a device already has:

  • The new policy automatically replaces the existing policy of that same type.

  • This works the same whether you assign policies directly to devices or through groups.

• Clear warnings during policy creation
  In the policy Create flow:

  • On Select Devices and Select Groups, you’ll see clear indicators and tooltips whenever your new policy will replace an existing one.

  • On the Review step, a new “Policy Overrides” section summarizes which devices will be affected before you publish.

• Safer selection in Device details
  In a device’s Policy tab:

  • The UI now prevents you from accidentally selecting multiple policies of the same type.

  • If you choose a new policy of a type that’s already applied, the previous one is either automatically deselected or you’ll see an inline validation message prompting you to confirm the change.

• Smarter behavior for groups
  When assigning policies at the group level:

  • The system only flags devices in that group that already have a conflicting policy type.

  • This makes it easy to understand exactly where overrides will happen before you apply the change.

Why this matters

• Reduces conflicting configurations on the same device

• Makes overrides explicit and reviewable before publishing

• Keeps policy behavior more predictable across devices and groups