Improvement idea for Device Control in SEP 12.x
Not sure if anyone has raised this one before. Having a large fleet of smartphones, tablets, USB drives etc it would be great to have hardware device groups for device control (similar to Host Groups in the Firewall component).
If I want to approve devices right down to the serial number portion of the device ID, currently the list of approved devices would become incredibly unweildly to manage very quickly. Due to this, I have to use wildcards in some of the device ID strings so I only end up with one entry to manage. The problem with this is that we would rarely be able to purchase devices where serial numbers are consecutive. That means the device ID string with wildcard will allow our smartphones access, but may also any other smartphone of the same brand & model that matches. It would be vastly preferable to limit access to just our devices specifically.
With hardware device groups I would be able to have a group of approved smartphones. The group would contain a description and full device ID string (including the serial number portion) for each and every approved smartphone. I then just add that group to the device control policy, rather than having to add multiple individual devices.
I do have cases where I only have one (or a very small number) of a particular device. In this case I can still add that as single device, or use a wildcard if appropriate. Having the additional feature of adding large groups of the same device via device groups would save a major headache & make the system more secure by only allowing our specific devices.