SEP Cloud uses policies to define device security. A policy is always applied to a group, and then that policy governs all users and devices in the group.
All users must be members of a group, and all devices must be associated either with a user or directly with a group. Shared resources such as servers are added directly to a group.
You can use the default group that comes with SEP Cloud, and you can create custom groups. Unlike custom groups, the default group cannot be deleted. If you want to delete a custom group, you have to move all members to a different group first. You can apply one policy of each type to a group.
Benefits of assigning devices to a user or a group:
Irrespective of whether the device is directly associated to group or to a user, the device always gets the policy assigned to the group.
If you need to configure a user-specific policy on a device, such as email access, then the device must be associated to a user. The email of the user is used when you configure access policies on the device belonging to that user. If the device is directly associated to a group, it will not receive email policy settings.
Figure: How groups manage policy flow
A group must have a security policy applied to it. The Symantec recommended security policy is applied to the default group.
On the Groups page or the Groups Details page, the total number of devices includes only those devices that are assigned directly to a group. It does not include user-owned devices.