Hello everyone,
Creating massive individual policies or manually adjusting devices can become unsustainable when scaling to thousands of endpoints. Organizing your deployment into a tiered framework is the most effective way to maintain an enterprise-grade fleet.
When layering your payloads, we recommend following these core architectural guardrails:
- Keep the Base Minimalist: Your organization-wide base policy should strictly contain your non-negotiable security baselines. Never include Wi-Fi, apps, or UI configurations here, as a heavy base policy makes it incredibly difficult to manage exceptions later.
- Target Logically: Map environmental configurations (like local Wi-Fi or time zones) to Device Groups, and functional enablement (like specific apps or role-based access controls) to User Groups to prevent assignment cross-contamination.
- Test Before You Scale: Always deploy an overlapping policy to a test device first and review its compiled state under the device’s Policies sub-tab to ensure the conflict resolution engine matches your intent before pushing it globally.
For a complete breakdown of implementing a structured deployment matrix, please refer to our document on Global Policy Inheritance and Conflict Resolution.
Regards,
Simon Scott
Hexnode UEM
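
The three guardrails in the post above can be checked mechanically before a rollout. This is an added example, not part of the original post and not Hexnode tooling. The inventory schema, payload names and policy names are hypothetical and constructed for illustration.

```python
from collections import defaultdict

# Hypothetical payload categories (assumed names, not a Hexnode export format).
SECURITY = {"passcode", "encryption", "os_update"}   # allowed in the base layer
ENVIRONMENT = {"wifi", "time_zone"}                  # belongs on Device Groups
FUNCTIONAL = {"apps", "role_access"}                 # belongs on User Groups
WRONG_LAYER = {"device_group": FUNCTIONAL, "user_group": ENVIRONMENT}

# Constructed sample inventory. "tested" means the policy was deployed to a
# test device and its compiled state was reviewed.
POLICIES = [
    {"name": "org-base", "target": "base",
     "payloads": {"passcode", "encryption", "wifi"}, "tested": True},
    {"name": "berlin-office", "target": "device_group",
     "payloads": {"wifi", "time_zone"}, "tested": True},
    {"name": "sales-team", "target": "user_group",
     "payloads": {"apps", "wifi"}, "tested": False},
]

def lint(policies):
    """Return sorted (policy, rule, payload) findings for the three guardrails."""
    owners = defaultdict(list)           # payload -> policies that set it
    for p in policies:
        for payload in p["payloads"]:
            owners[payload].append(p["name"])

    findings = []
    for p in policies:
        if p["target"] == "base":
            # Guardrail 1: the base carries only security baselines.
            bad, rule = p["payloads"] - SECURITY, "base-not-minimal"
        else:
            # Guardrail 2: environment on device groups, function on user groups.
            bad, rule = p["payloads"] & WRONG_LAYER[p["target"]], "mis-targeted"
        findings += [(p["name"], rule, x) for x in bad]
        if not p["tested"]:
            # Guardrail 3: an overlapping payload must be tested before scaling.
            findings += [(p["name"], "untested-overlap", x)
                         for x in p["payloads"] if len(owners[x]) > 1]
    return sorted(findings)

if __name__ == "__main__":
    for name, rule, payload in lint(POLICIES):
        print(f"{name}: {rule} ({payload})")
```
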