About priorities and activation rules of policy profiles

Policy profiles are activated automatically when activation rules are triggered. Policy profiles have priorities: if different profiles affect the same setting, only the profile with the highest priority is applied.

Profile activation rules

Activation rules are a set of conditions that, when met, start the policy profile on a device. An activation rule can contain the following conditions:

You can use roles in the activation rules, for example, if there are groups of employees who require the same settings on their devices: you can assign the role "Courier" to all couriers in all offices and create a policy profile, allowing them to run GPS navigation software. You cannot use roles in the activation rules if you do not assign owners to devices; the activation rules simply will not work. You can assign owners to devices through either Active Directory or Kaspersky Security Center 11 Web Console.

You can use tags in the activation rules if you do not want to use roles or if you consider tagging the best way to group different devices. For example, you can tag devices that have Microsoft Windows 7 and create a policy profile for them; this profile will apply to all devices that have this operating system. If you replace Windows 7 with another operating system on a device, the profile will be automatically deactivated for this device.

Priorities of profiles

Profiles that have been created for a policy are sorted in descending order of priority. For example, if profile X is higher in the list of profiles than profile Y, then X has a higher priority than Y. Multiple profiles can be simultaneously applied to a single device. If values of a setting vary in different profiles, the value from the highest-priority profile will be applied on the device.

Following is an example scenario where policy profiles have different priorities.

Example scenario

You have created two policy profiles:

One of the couriers in Office1 gets a laptop with Windows 7. Both policy profiles apply to this laptop, and the courier is able to run both GPS navigation software and online payment software.

