Groups are the fundamental building block of companies in Privatise. Every company has at least one group, but a company can also be broken up into multiple groups. By default, all the new users and devices belong to the default group. You will however be able to add groups, delete groups, split up users between groups etc. Through group policies, you'll be able to provision a ROC (Remote Office Cluster), create custom rules and permissions, have control over the group firewall, and more.

By default, you have one Default Group per company. You can manage it under Manage Groups in the left sidebar.

Once you click on that, you'll want to click on “Edit Group Settings” For the Default Group.

Now you'll have access to the group settings in the Default Group. If you have not added more groups, all of your users and devices will be controlled by the settings in this group.

Within group settings you can:

1. Provision and enable your ROC (Remote Office Cluster)

2. Set up whitelisting for sites you don't want the app to pass through.

3. Access your DNS filtering (ROC required)

4. Access virtual firewall (ROC required)

5. Create global trusted networks.

The ROC is the base for all of Privatise's advanced features. To provision a ROC, go to “ROC On Demand” and click “Request Dedicated Server”. Make sure to choose the location closest to where your client endpoints are based.

Once requested, you'll see a message telling you that you'll be notified via email once the ROC is provisioned. The email will go the main admin of the partner account. It takes between 20 to 30 minutes for the ROC to be provisioned.

Once provisioned, you will have access to more settings, DNS Filtering, the virtual firewall, and endpoints on the ROC will be able to communicate for Remote Access.

The ROC On Demand page will look like this once the ROC is provisioned:

On that page, you'll be able to access your enterprise DNS filtering. Here's how:

1. Click on the eye to show the password.

2. Copy the password. Make sure to disable your password manager if you have one, as it might overwrite this password and give you the wrong one.

3. Click the blue link where it says “Manage Privatise ROC Enterprise DNS Content FIltering here.”

You will now be brought to the Privatise DNS Threat Analysis Dashboard login page. Enter the password you copied above and login.

Once logged in, you will get an overview of your Privatise DNS including query logs, queries that were blocked, etc. For more information on Privatise ROC-DNS & our DNS Filtering solution with the ROC, please go to ROC-DNS.

Under your group, you'll have access to managing general settings for that group.

There you'll be able to:

1. Enable PrivatiseGuard (Privatise over WireGuard on Windows). This is only available when you have a ROC provisioned and enabled, and should be used specifically for users with latency issues. Split Tunneling/Whitelisting will not be available for WireGuard users.

2. Enable Full Control. This prevents the user from having any access to the VPN. They will not be able to turn it on, off, or exit Privatise. All of their settings will be managed by the MSP from the managed user portal.

3. Trusted Networks. Enable or disable Trusted Networks on the endpoints. Enabling will allow users to add Trusted Networks via the client app. Global Trusted Networks will continue to work with this disabled, and Full Control overrides Trusted Networks.

4. Windows Auto Update. Enable or disable Windows auto update.

ROC SD Control is available for compliance with regulations like Cyber Essentials. By default, Privatise ROCs are locked down which the exceptions of ports used for the OpenVPN, IPSec, or WireGuard protocols. Those ports require a signed certificate in order to access, and are open for a business reason and have no compliance issues.

The one port that is open to the world is 8443 for the ROC-DNS Threat Detection dashboard. You have the option of closing that port, or opening it exclusively to certain IPs.

Unless you have specific compliance regulations that require you to close 8443, we recommend leaving the virtual firewall as is.

If you have a ROC enabled, it will override GEO Settings as for security, endpoints will be forced to connect to the ROC/VLAN. For users that do not require advanced security and want to use Privatise to surf from different locations, for example for research. You can put the min a group without a ROC and enable GEO Settings as seen below.