You can apply a security policy to a security group to secure your virtual desktops, business critical applications, and the connections between them. You can also view a list of the services that were not applied and the reason they failed to apply.


  1. In the vSphere Web Client, navigate to Networking & Security > Security > Service Composer.
  2. Click the Security Policies tab.
  3. Select a security policy, and click Apply or the Apply Security Policy (apply) icon.
  4. Select the security group that you want to apply the policy to.

    Security groups for use with Identity Firewall for RDSH, must use security policies that are marked Enable User Identity at Source when created. Security groups for use with Identity Firewall for RDSH can only contain Active Directory (AD) groups, and all nested security groups must also be AD groups.

    If you select a security group defined by virtual machines that have a certain security tag applied to them, you can create a dynamic or conditional workflow. The moment the tag is applied to a virtual machine, the virtual machine is automatically added to that security group.

    Network Introspection rules and Endpoint rules associated with the policy will not take effect for security groups containing IPSet and/or MacSet members.

  5. (Optional) (In NSX 6.4.0 only) Click the Preview Service Status icon to see the services that cannot be applied to the selected security group and the reason for the failure.
    For example, the security group may include a virtual machine that belongs to a cluster on which one of the policy services has not been installed. You must install that service on the appropriate cluster for the security policy to work as intended.
  6. Click OK.