You can select the specific Symantec Endpoint Protection Manager groups that you want to enroll and manage. By default, ATP enrolls and manages all associated groups (excluding those groups in the exclusion list). If a group is specified, this ATP instance only manages endpoints in the listed group.
If you are running Symantec Endpoint Protection Manager 14.0 RU1 or later, ATP manages the groups that you specify in the SEPM Group Inclusions dialog box according to the settings on the SEP Policies dialog box in the Private Cloud policies section. However, ATP removes the private cloud policies for all other groups not in the SEPM Group Inclusions list with the first group added to the list. When you subsequently add a new group to the SEPM Group Inclusions list, ATP overwrites the private cloud policies for the newly added group. When you remove a group from the SEPM Group Inclusions list, ATP removes private cloud policies from the deleted group. When you delete all groups from the SEPM Group Inclusions list, ATP replaces all private cloud policies for Symantec Endpoint Protection Manager groups according to the settings on the SEP Policies dialog box in the Private Cloud policies section.
If you are running Symantec Endpoint Protection Manager 14.0 or earlier, you must configure private cloud policies in Symantec Endpoint Protection Manager for ATP to properly manage the groups that you specified in the SEPM Group Inclusions list.
Important: If you select a Symantec Endpoint Protection Manager group, the Symantec Endpoint Protection Manager subgroups are not automatically included. You must select each Symantec Endpoint Protection Manager subgroup that you want included. A group should not be enrolled in more than one ATP instance. ATP Manager does not support validating whether a group is already enrolled in another ATP instance. If a group is enrolled in another ATP instance, enrollment may fail depending on the ATP instance that last posted the device information (device UID / password) back to Symantec Endpoint Protection Manager.
If you upgrade from a version of ATP before 3.0.5, any endpoints that are not in the groups that you specify are unenrolled.
To configure Symantec Endpoint Protection group inclusions
Do one of the following:
Initially setting up Symantec Endpoint Protection Manager connection using the setup wizard