Manage Computers and Devices in Groups in Endpoint Security

Applies To: WatchGuard Advanced EPDR This topic applies to the WatchGuard Advanced EPDR endpoint security product., WatchGuard EPDR This topic applies to the WatchGuard EPDR endpoint security product., WatchGuard EDR This topic applies to the WatchGuard EDR endpoint security product., WatchGuard EDR Core This topic applies to the WatchGuard EDR Core endpoint security product., WatchGuard EPP This topic applies to the WatchGuard EPP endpoint security product.

Use the My Organization tab to create and manage static groups of computers and devices on your network. A computer can only belong to a single endpoint group. You might create endpoint groups to:

• Find computers that meet specific criteria for hardware, software, or security.
• Quickly assign security settings profiles.
• Take remediation actions on a subset of computers.

Endpoint groups can be used to configure deployment behavior for products installed by the WatchGuard Agent. For more information, go to Configure WatchGuard Agent Deployment in WatchGuard Cloud.

Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Manage Computer Tree permission to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.

Group Types

You assign computers to an endpoint group. On the My Organization tab, you can create a hierarchy that includes groups, subgroups and computers. The maximum number of levels in the hierarchy is 10.

You can create these types of endpoint groups:

Root

This is the top group under which all other groups reside.

Local Groups

These are WatchGuard Endpoint Security groups, some of which are predefined. These groups support all operations (such as move, rename, or delete) and can contain other groups and computers.

Active Directory Groups

These groups replicate your Active Directory structure. These groups do not support some operations. They can contain other Active Directory groups and computers.

Active Directory Root Group

This group contains all Active Directory domains configured on the organization's network. It contains Active Directory domain groups.

Active Directory Domain Group

These groups are Active Directory branches that represent domains. They contain other Active Directory domain groups, Active Directory groups, and computers.

Active Directory Groups

For organizations with an Active Directory server, Endpoint Security can automatically replicate the Active Directory structure on the My Organization tab.

To make sure the structure is consistent between Active Directory and the My Organization tab, you cannot modify Active Directory groups in Endpoint Security. Endpoint Security automatically updates Active Directory groups within one hour when you make changes to your Active Directory structure.

In Endpoint Security, if you move a computer from an Active Directory group to a native group or to the root group, the synchronization relationship with Active Directory breaks. Any changes you make to Active Directory groups that affect the moved computer are not reflected in Endpoint Security.

For information on how to reestablish the synchronization relationship between Active Directory and Endpoint Security, go to Move Computers from One Endpoint Group to Another.

Related Topics

Manage Endpoint Groups in Endpoint Security

Filter a Page by Group

Scan Computers and Devices