DNS ProtectionPolicy mapping via UnityAPI

Hello @chrisrose ,

Thanks for the information.

There are a number of methods that can be used listed here:

https://unityapi.webrootcloudav.com/Docs/en/APIDoc/APIReference#apiReference-Console-ConsoleGSM-group-policymanagement

Specifically the following listed call applies a policy to a group of endpoints:

PUT /service/api/console/gsm/{gsmKey}/sites/{siteId}/groups/{groupId}/endpoints/policy

Hope that helps - if not, you can DM me and we will be able to assist you further.

Thanks,

Aqil

Thanks @aqila

The command you noted I believe would allow us to set an endpoint protection policy but not a DNS Site Policy as pictured.

I can set this type of DNS policy for the site and apply it to the Static IP, but not to the agent.

Good morning everyone - great question! Thanks @aqila for bring this to my attention.

At this time, there is no way to directly specify what DNS Policy is assigned to an Entity (IP or Device). That said, there are ways to achieve this by using some of the existing Unity functionality. For example, you could create a Group in the Console, assign a DNS Policy to the Group, and from there, any device moved into this Group would automatically be assigned the Policy. As moving Entities between Groups is supported under Unity, you can effectively assign Policies. 

I realize this is a touch cumbersome, but it may achieve what you are looking to do until we support DNS Policy assignment directly. 

I believe I have created a couple PS scripts to move between Groups. Let me see what I can dig up.

Here is a PS script I wrote back in 2018 for this purpose. I believe it still works - use at your own risk.

Group Move PS