Allow MSPs to create Policies and Block page settings that are visible and assignable in customer accounts.
Quick update, everyone! You can now duplicate a global policy within a sub organization and not just from your main account. Keep the feedback coming as we’re still working to make Global Policies better.
Thanks to everyone who voted on this Global Policies feature!
Global Policies are now here as a preview feature. Now, you can:
- Convert old policies under your MSP organization to Global Policies
- Automatically create Global Policies by adding them under your MSP dashboard
This feature request is staying open as we are continuing to develop Global Policies and incorporate your requests.
If there are any other things you’d like to see, comment on this feature request or contact us directly. Your continued feedback impacts how we continue to develop DNSFilter. Keep the comments coming!
I just signed up for the trial as mso. Havent looked,at the software yet. I read this post and wondered if we are there yet or should i wait ti evaluate. So much software doesnt support apllying multiple policies in order to implenent inheritance with override and it wastes valuable time.
@Timothy: Im So glad that im not the only one voicing my opinion regarding this.
We need everyone to post their Thought!
We've been waiting so long for this feature to be implemented ... only to see that its not what we expected ...
We're nearly complete with this feature. We are expecting it to be in our production release during the week of Jan 20th.
@Ken Carnesi: can we still expect it this week ?
@Nachman: There's a small chance, yes. However, it's looking 100% solid for next week (week of Jan 27th). We have a big release this week coming up with regards to improved reporting, and some unforeseen issues prior to release came up on reporting, which bumped the Global Policies by a few days.
@Ken: Hi Ken, i see that the Global Policy Feature is Now live but i believe that this wont be Too useful (the way it currently is ) what i really was looking for (and i think Many other users as well) is to be able to have a global whitelist and blacklist stacked upon the users current Whitelist/Blacklist Policy Which would make the Current policy a Sub Policy to the Global Policy (sort of as a override ) But Not that we should be restricted to only use the Global Policy entirely.
The Main Reason i was looking for a global Policy was That i shouldn't need to Add a url to all of my policies whitelists/Blacklists
but i still need to have many Custom policies For Example if i Blacklist www.badsite.com on my global blacklist then i should not need to add it to each policy's blacklist Rather Each policy that is attached to the Global Policy should inherit the global policy on top of the current policy
(sorry for being repetitive I just want make sure that im clear about it )
i think That its a nice feature to be able to Show the policy across all organizations (that seems to be the current new feature) but this wont help the other issue of Global Whitelist/Blacklist Is this something that is Planned on being Developed as well ?
Hi @Nachman, thanks for commenting. The new global policy feature will allow you to create a policy that can be reused between your sub-organizations and includes the whitelist/blacklist features. Any alterations made to the policy will apply to all endpoints using the policy.
Help me understand your request better. I'm hearing the following:
1. A global policy that you can assign to any sub-organization and build upon without affecting the global policy.
2. You are specifically interested in a global whitelist/blacklist that you could attach to any policy and make alterations without affecting the global whitelist/blacklist? - This scenario is well covered by our whitelist/blacklist import/export feature. Are you familiar?
@Mikey:HI I think i was misunderstood
Ill try to explain myself Better
all i need is the ability to have a global Parent whitelist/Blacklist that i can add urls too
i can then Assign this Global Parent policy to any existing Regular policy from any organization
this will be helpful each time that i add a url that i don't need to add it to all of my policies Separately (like i currently need to do which is time consuming )
rather i can just add it once and it will effect all policies that have this Global Parent Policy assigned to it (ie. this type of Global Policy will be considered a parent Policy ) and it will then make the standard policy to be considered a override if anything has been changed from the parent policy
This is a common practice with many web software solutions that have Organization policies assigned to individual agents where by default it inherits the organization policy and every change is considered a override
So for example if the parent policy has a list of a 500 hundred urls that are whitelisted
and the Regular Policy has 100 Urls that are whitelisted and i then assign it to a regular policy it will be considered as if the regular policy has those urls whitelisted besides for what is already whitelisted within the regular policy which will be a total of 600 urls (unless they are duplicates... )
@Mikey: I see that you added global policies. What about global block pages?
@Ken: Hi Ken
I am totally with @Nachman on this. What we need as MSPs is not a global Policy that replaces the existing policies but one that is a sublement to the one the client has.
So basically one of the schools we support reports that a page is blocked that is needed and chances are that all the other schools will also need this page in the near future. So instead of adding it to all the white lists of all the instances we want one central place to add it. But this is not solved with the global list because every school has different needs with the categories and some of them also have special requests about white-/black-lists
@Ken Carnesi: Hi Ken, I'm going to add my vote to the "Global Black/Whitelist that can be added to via child policy" train. In fact, full policy inheritance would be amazing, but initially the blacklist and whitelist would be good enough. For example, we want to block pastebin.com for every single client, but we also want to be able to add things to the blacklist per client.
Think of how Group Policy is applied in Active Directory. At each level you can override/add to the policies of the level above it. Thankfully for DNSFilter we really only have 2 or 3 levels to worry about as an MSP:
- Global (where we'd block pastebin.com, and stuff on the "Threat" tab, including "Proxy & Filter Avoidance" because we want this as a default)
- Company (Say one particular company wants their SaaS software whitelisted, and maybe they want the "Proxy & Filter Avoidance" category allowed for research purposes for the whole company)
- Policy (Site/NAT IPs - standard policies as they stand, but can override/add things to the policies filtering down from above)
What's the latest on this? Setting up clients from scratch is slowing us down. We need the ability to create a master policy and apply it to every customer, or at least be able to use as a template that can be modified while setting up. How much longer is this request going to sit here with no feedback? Anyone care to take a bet?
@[email protected]: Apologies for our lack of updates here. We have this scheduled for later in Q2, after the Active Directory sync and dashboard reporting changes.
I've about given up on this feature and moved all of my customers into one organization and created individual sites. I see no benefit to having them as individual organizations. When I need a page blocked or unblocked, I need it blocked/unblocked for all my organizations/sites and do not want to have to go to each organization individually. This problem is compounded the more often we need to add blocked sites or unblock a site. Also going to each organization individually leaves a lot of room for error as an organization could easily be missed. Seems like the MSP model is an added layer of complexity and almost unnecessary at this point.
Update please? Is this coming this year?
Hi @Josh Lamb - It's Q3 and still listed as planned. How're we looking? This is a big thing for us
Hello @Nachman. We had a discussion about this feature recently. There were some backend changes that have moved us closer to implementation, and it is on our shortlist for planned features. To put a realistic timeline out, we are hoping this can be done by Q2 2019.
@Josh Lamb: Is there a realistic timeline when we could expect this feature to be implemented ?
@Nachman: We have this planned for late Q2. There are some features, such as Active Directory user sync and dashboard changes which are scheduled ahead of global policies.
HI Ken any update with a Real ETA for this most wanted feature ?