Typically, you create an exception when you do not want a particular violation to display in the assessment report for a policy template, or when you want to prevent a particular security check from running for an endpoint or a group of endpoints. For example, if a server in your environment is currently undergoing maintenance, you might want to create an exception to suspend monitoring that server with certain security checks.
When you run the relevant policy templates against the specified endpoints or groups of endpoints, Secure Configuration Manager applies the exceptions. The assessment report always lists the exceptions that were applied during that run of the policy template.
You can create, apply, and modify exceptions in the following ways:
One exception that includes multiple policy templates. This batch method enables you to select multiple endpoints or groups, then choose all the policy templates and security checks within those templates that you want to include in the exception. The Web console must be configured to support this method.
Within a completed assessment report for a policy template run. This report-created method will be relevant only to the endpoints that were assessed during that run.
In some organizations, all new and modified exceptions must be approved before going into effect.