Is there a way to exclude an org from global policies?
Not at this time. Global Org applies to ALL orgs without exception. If you need to have a policy apply to some but not all orgs, you'll need to assign the policy at the individual organization level only to those that need the policy.
Potential idea would be to construct the view for the policy in such a way that the org in question is excluded.
What about excluding a machine from all policies?
I just did a suspend on an agent, will that work?
You can design scripts, policies, and views in ways that have Opt out flags in Org Custom Fields or Machine Custom Fields.
ghanssen Can you explain a bit further?
We use Global Org policies. We always use a view for these policies that only applies to a certain subset of machines, ie servers with a specific role. Also, We have a specific organization for machines that should not have policy applied and the views are constructed to exclude that organization.
We also link all of our policies at the global level, but use filters to control which ones actually take effect. policies without filters do apply to all agents, but these only handle agent configuration, never monitoring or procedure scheduling. Those always get a filter to control application.
It's been awesome as it eliminates all of our onboarding tasks unless there's a client or machine-specific override, which is rare. Onboarding clients has come down to scheduling the server patches and little else.