
Location based rules and what are they good for?

Jul 14, 2009 11:31 AM


With location based rules you can have different policy settings depending on where your pc is currently located.

Why would you want this?
It gives you the flexibility to allow different functionality to a pc depending on what it is currently being used for or where it currently resides.

For instance, if a pc is outside the corporate network, on an unsecured Internet Café network with no firewall protecting it, you would want this pc to have the highest level of security.

You would want to block all inbound ports and allow only the applications and outbound ports that are necessary for the user to work.

However, when the same pc is back in the office environment you might want to loosen the security a bit, so that an administrator can connect to the pc to administer it, and perhaps to allow file sharing etc. With location based policies this is all possible to achieve.

Example
For instance, if you are using your work pc on an unsecured network you can have a special rule that is triggered by a condition showing that you are not on a trusted network. The firewall and antivirus rules would then be set to block all inbound traffic and allow only the outbound traffic that is necessary for the user to be able to work.

When the pc is back on the secured LAN (in the office) there would be a rule that is triggered by a condition that is unique to the trusted LAN. For instance, you can use the SEPM server as a trigger.

How does it work?
In practice this works as follows: when the pc can detect the SEP Manager server it switches to the location that we here call “Trusted Location”, and the rules in the policy assigned to that location are enabled.

When the pc is connected anywhere outside the secured LAN it can no longer detect the SEP Manager server, so it switches to the “Untrusted Location” with its own, stricter policy rules.

You can find and manage locations by logging in to SEP Manager and going to the Clients tab. Click on the “Policies” tab and look to the left under “View Clients”.

Here you can see the “Tasks” that can be done. Click on “Manage Locations”. Here you can create locations and also define the conditions under which each location will be triggered.



The next step is to go to Policies and “map” each policy to the correct location.

It is easiest to create one policy per location and give the policy and the location the same or similar names.

When the location and policy are mapped together in a group, edit the rules of each policy so that they match your security criteria for that location.

What else can you do?
One nice thing you can do with location based policies is to prevent a pc from using multiple network connections at the same time.

This is possible if you make a rule that allows only Ethernet for the “Trusted Location” and blocks all other interfaces (you can also customise it to allow a specific Ethernet card or connection).
You then do the reverse for the other locations if you want to allow, for instance, wireless.

If you want combinations that allow both wireless and Ethernet connections on the network, but never at the same time, you have to create additional locations and apply more triggers to make sure it works properly.

This scenario is of course more complex and demands a lot of testing before you can roll it out at full scale in your organisation. Once it is done you will be very happy with the functionality.
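To make the location switching and the interface restriction described above concrete, here is a small model of the decision logic, written as an added example for this article. It is not Symantec Endpoint Protection code and does not use any SEP API; the location names, the policies, the port numbers (3389 for remote administration, 445 for file sharing, 443 and 53 for outbound work traffic) and the interface names are all constructed for the illustration. It shows the two ideas the article relies on: a condition (can the client detect its management server?) selects a location, and the location selects the firewall policy that is then applied both to connections and to network interfaces.

```python
"""Illustrative model of location-aware policy selection (added example, not SEP code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    direction: str          # "in" (inbound) or "out" (outbound)
    port: Optional[int]     # None matches any port (catch-all rule)
    action: str             # "allow" or "block"


@dataclass(frozen=True)
class Policy:
    name: str
    rules: tuple            # evaluated in order; first match wins
    allowed_interfaces: frozenset


@dataclass(frozen=True)
class NetworkState:
    management_server_reachable: bool   # the article's trigger condition
    active_interfaces: frozenset        # e.g. {"ethernet", "wireless"}


# Constructed policies. Specific allows come before the catch-all block,
# because the evaluator stops at the first matching rule.
TRUSTED = Policy(
    name="Trusted Location",
    rules=(
        Rule("in", 3389, "allow"),   # administrator remote desktop
        Rule("in", 445, "allow"),    # file sharing
        Rule("in", None, "block"),   # everything else inbound
        Rule("out", None, "allow"),  # outbound unrestricted on the office LAN
    ),
    allowed_interfaces=frozenset({"ethernet"}),   # wired only in the office
)

UNTRUSTED = Policy(
    name="Untrusted Location",
    rules=(
        Rule("in", None, "block"),   # block all inbound
        Rule("out", 443, "allow"),   # only what the user needs to work
        Rule("out", 53, "allow"),
        Rule("out", None, "block"),
    ),
    allowed_interfaces=frozenset({"wireless", "ethernet"}),
)

LOCATIONS = {p.name: p for p in (TRUSTED, UNTRUSTED)}


def select_location(state: NetworkState) -> str:
    """The trigger: detecting the management server means we are on the trusted LAN."""
    return TRUSTED.name if state.management_server_reachable else UNTRUSTED.name


def evaluate(policy: Policy, direction: str, port: int) -> str:
    """Return the action for one connection attempt under the given policy."""
    for rule in policy.rules:
        if rule.direction == direction and rule.port in (None, port):
            return rule.action
    return "block"   # default-deny if no rule matched


def blocked_interfaces(policy: Policy, state: NetworkState) -> frozenset:
    """Interfaces that are up but not permitted in this location (the 'no simultaneous connections' rule)."""
    return state.active_interfaces - policy.allowed_interfaces


def apply_location(state: NetworkState):
    """Full decision: condition -> location -> policy -> interfaces to disable."""
    location = select_location(state)
    policy = LOCATIONS[location]
    return location, policy, blocked_interfaces(policy, state)


if __name__ == "__main__":
    # Constructed states: in the office with both NICs up, and at a café on Wi-Fi.
    office = NetworkState(True, frozenset({"ethernet", "wireless"}))
    cafe = NetworkState(False, frozenset({"wireless"}))
    for state in (office, cafe):
        location, policy, blocked = apply_location(state)
        print(location, "| RDP inbound:", evaluate(policy, "in", 3389),
              "| HTTPS outbound:", evaluate(policy, "out", 443),
              "| interfaces disabled:", sorted(blocked))
```

Rule order is the detail worth noticing: if the catch-all inbound block came first, the administrator's remote desktop rule in the trusted policy would never be reached. The same holds in a real firewall policy editor, so when you build the per-location policies, check that the specific allow rules sit above the general block.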

Enjoy!
