104
Global Policies for MSPs
launched
Mikey @DNSFilter
launched
Thanks for all the feedback. We are considering Global Policies now complete. We understand layering of policies is desirable and will evaluate more on that in the future.
Stay tuned for updates to:
Global whitelists/blacklists - https://www.dnsfilter.com/product-roadmap/p/msp-global-blacklistwhitelist/
Global block pages - https://www.dnsfilter.com/product-roadmap/p/global-block-page-to-use-add-to-any-site/
Allen
Mikey @DNSFilter: by "evaluate more in the future", is that a short term statement? or the kind that is saying, "we think its too hard based on our existing stack and we will push this off into the never never because we dont know how we can achieve it"? kind of statment? - seeking clarification so that we can determine weather to renew our safedns solution, which already has this. or keep going with DNSFilter
Nachman
Allen: I"m with you Allen! Its really important for everyone that cares to voice their opinion about this we really waited for this for a few years already only to hear that its not going to be happening !!
Mikey @DNSFilter
Thanks for your comments Allen and Nachman. We are definitely not abandoning further improvements to global policies. I'll be reaching out to you both to get a better idea of how you would like the feature to evolve going forward.
Lorne
Mikey @DNSFilter: I'm hoping this has gained some traction since April and that layered policies will be introduced soon!
Mikey @DNSFilter
Hi Lorne! Yes we are actively scoping layered policies and hope to implement later this year. Thanks for your comment.
Lorne
Mikey @DNSFilter: We're nearing the end of the year. Any updates on this?
Mikey @DNSFilter
Hi Lorne, thanks for reaching out. I do not expect layered policies to be released by the end of the year but I'm pushing to start on the implementation in early 2021.
Allen
,
Serena Raymond
Quick update, everyone! You can now duplicate a global policy within a sub organization and not just from your main account. Keep the feedback coming as we’re still working to make Global Policies better.
Serena Raymond
Thanks to everyone who voted on this Global Policies feature!
Global Policies are now here as a preview feature. Now, you can:
- Convert old policies under your MSP organization to Global Policies
- Automatically create Global Policies by adding them under your MSP dashboard
This feature request is staying open as we are continuing to develop Global Policies and incorporate your requests.
If there are any other things you’d like to see, comment on this feature request or contact us directly. Your continued feedback impacts how we continue to develop DNSFilter. Keep the comments coming!
Aaron
Serena Raymond: Just going to echo some others here but policy inheritance with override is how we need this functionality to work. This will allow us to set a baseline policy (block malware, whitelist our tools), and then apply more granular policies to each client.
Mikey @DNSFilter
Aaron: Thank you for your feedback. We made a slight adjustment to the initial release of Global Policies to allow for customization of a global policy. You can now duplicate a global policy from any sub-organization which will give you the ability to create a global policy to serve as a template. After the global policy is duplicated you can make alterations to the policy to suit a specific organization.
Keep in mind, after duplication, the new policy is no longer connected to the global policy and will not receive updates passed down from the global policy.
We realize a "layering" approach to global policies will be the best solution and are working towards that goal. However, this effort is not yet in progress.
I've attached a screenshot to showcase where to perform the duplication.

Timothy
I just signed up for the trial as mso. Havent looked,at the software yet. I read this post and wondered if we are there yet or should i wait ti evaluate. So much software doesnt support apllying multiple policies in order to implenent inheritance with override and it wastes valuable time.
Nachman
Timothy: Im So glad that im not the only one voicing my opinion regarding this.
We need everyone to post their Thought!
We've been waiting so long for this feature to be implemented ... only to see that its not what we expected ...
Ken Carnesi
developing (live in <90 days)
We're nearly complete with this feature. We are expecting it to be in our production release during the week of Jan 20th.
Nachman
Ken Carnesi: can we still expect it this week ?
Ken
Nachman: There's a small chance, yes. However, it's looking 100% solid for next week (week of Jan 27th). We have a big release this week coming up with regards to improved reporting, and some unforeseen issues prior to release came up on reporting, which bumped the Global Policies by a few days.
Nachman
Ken: Hi Ken, i see that the Global Policy Feature is Now live but i believe that this wont be Too useful (the way it currently is ) what i really was looking for (and i think Many other users as well) is to be able to have a global whitelist and blacklist stacked upon the users current Whitelist/Blacklist Policy Which would make the Current policy a Sub Policy to the Global Policy (sort of as a override ) But Not that we should be restricted to only use the Global Policy entirely.
The Main Reason i was looking for a global Policy was That i shouldn't need to Add a url to all of my policies whitelists/Blacklists
but i still need to have many Custom policies For Example if i Blacklist www.badsite.com on my global blacklist then i should not need to add it to each policy's blacklist Rather Each policy that is attached to the Global Policy should inherit the global policy on top of the current policy
(sorry for being repetitive I just want make sure that im clear about it )
i think That its a nice feature to be able to Show the policy across all organizations (that seems to be the current new feature) but this wont help the other issue of Global Whitelist/Blacklist Is this something that is Planned on being Developed as well ?
Mikey @DNSFilter
Hi Nachman, thanks for commenting. The new global policy feature will allow you to create a policy that can be reused between your sub-organizations and includes the whitelist/blacklist features. Any alterations made to the policy will apply to all endpoints using the policy.
Help me understand your request better. I'm hearing the following:
- A global policy that you can assign to any sub-organization and build upon without affecting the global policy.
- You are specifically interested in a global whitelist/blacklist that you could attach to any policy and make alterations without affecting the global whitelist/blacklist? - This scenario is well covered by our whitelist/blacklist import/export feature. Are you familiar?
Nachman
Mikey @DNSFilter:HI I think i was misunderstood
Ill try to explain myself Better
all i need is the ability to have a global Parent whitelist/Blacklist that i can add urls too
i can then Assign this Global Parent policy to any existing Regular policy from any organization
this will be helpful each time that i add a url that i don't need to add it to all of my policies Separately (like i currently need to do which is time consuming )
rather i can just add it once and it will effect all policies that have this Global Parent Policy assigned to it (ie. this type of Global Policy will be considered a parent Policy ) and it will then make the standard policy to be considered a override if anything has been changed from the parent policy
This is a common practice with many web software solutions that have Organization policies assigned to individual agents where by default it inherits the organization policy and every change is considered a override
So for example if the parent policy has a list of a 500 hundred urls that are whitelisted
and the Regular Policy has 100 Urls that are whitelisted and i then assign it to a regular policy it will be considered as if the regular policy has those urls whitelisted besides for what is already whitelisted within the regular policy which will be a total of 600 urls (unless they are duplicates... )
Moshe
Mikey @DNSFilter: I see that you added global policies. What about global block pages?
admin
Ken: Hi Ken
I am totally with Nachman on this. What we need as MSPs is not a global Policy that replaces the existing policies but one that is a sublement to the one the client has.
So basically one of the schools we support reports that a page is blocked that is needed and chances are that all the other schools will also need this page in the near future. So instead of adding it to all the white lists of all the instances we want one central place to add it. But this is not solved with the global list because every school has different needs with the categories and some of them also have special requests about white-/black-lists
Timothy
Ken Carnesi: Hi Ken, I'm going to add my vote to the "Global Black/Whitelist that can be added to via child policy" train. In fact, full policy inheritance would be amazing, but initially the blacklist and whitelist would be good enough. For example, we want to block pastebin.com for every single client, but we also want to be able to add things to the blacklist per client.
Think of how Group Policy is applied in Active Directory. At each level you can override/add to the policies of the level above it. Thankfully for DNSFilter we really only have 2 or 3 levels to worry about as an MSP:
Examples:
- Global (where we'd block pastebin.com, and stuff on the "Threat" tab, including "Proxy & Filter Avoidance" because we want this as a default)
- Company (Say one particular company wants their SaaS software whitelisted, and maybe they want the "Proxy & Filter Avoidance" category allowed for research purposes for the whole company)
- Policy (Site/NAT IPs - standard policies as they stand, but can override/add things to the policies filtering down from above)
mike@surepointit.com
What's the latest on this? Setting up clients from scratch is slowing us down. We need the ability to create a master policy and apply it to every customer, or at least be able to use as a template that can be modified while setting up. How much longer is this request going to sit here with no feedback? Anyone care to take a bet?
Josh Lamb
mike@surepointit.com: Apologies for our lack of updates here. We have this scheduled for later in Q2, after the Active Directory sync and dashboard reporting changes.
Brandon
I've about given up on this feature and moved all of my customers into one organization and created individual sites. I see no benefit to having them as individual organizations. When I need a page blocked or unblocked, I need it blocked/unblocked for all my organizations/sites and do not want to have to go to each organization individually. This problem is compounded the more often we need to add blocked sites or unblock a site. Also going to each organization individually leaves a lot of room for error as an organization could easily be missed. Seems like the MSP model is an added layer of complexity and almost unnecessary at this point.
mike@surepointit.com
Update please? Is this coming this year?
Timothy
Hi Josh Lamb - It's Q3 and still listed as planned. How're we looking? This is a big thing for us
Josh Lamb
Hello Nachman. We had a discussion about this feature recently. There were some backend changes that have moved us closer to implementation, and it is on our shortlist for planned features. To put a realistic timeline out, we are hoping this can be done by Q2 2019.
Nachman
Josh Lamb: Is there a realistic timeline when we could expect this feature to be implemented ?
Josh Lamb
Nachman: We have this planned for late Q2. There are some features, such as Active Directory user sync and dashboard changes which are scheduled ahead of global policies.
Load More
→