Limiting a policy to a building

PhillyPhoto
Valued Contributor

I have a bunch of IP ranges, and I'm looking at utilizing buildings. But it appears to me that the way it's setup I can only target or exclude buildings, I can't limit to them. Is that correct? I may want to scope to only my domain-bound devices, but limit the policy being run until they're on the network (aka in the "building"). I would then have to create 2 new smart groups on top of anything else - 1 for what I want to target, then 1 for it being in the building smart group and 1 for not being in the building smart group. I couldn't quite find anything like this in the feature requests, so I figured I'd throw it out here first in case I missed it.

2 REPLIES 2

mm2270
Legendary Contributor III

Yes, right now you can't use them as a limitation. One possible way to get there would be to exclude all other buildings except the ones you want to target. But the issue with that approach is if some machines don't end up having a building assigned, they would likely fall into scope since you'd only be excluding other buildings, not limiting to the ones in question.

There may not be a feature request on this already, but it feels like there should be. It would be nice to be able to use all organizational objects for scoping, limiting and excluding. Frankly, the Limitations tab is the most disappointing one under Scope since it typically only shows Network Segments and iBeacons. There may be some technical hurdles to making all other items show up there, which could be why it's not currently a thing.

PhillyPhoto
Valued Contributor

I created a feature request for this