Endpoint Security can enforce policy rules on computers and users based on their connection and compliance state. When you create a policy rule, you can select the state or states during which this policy is enforced. By default, policies apply when the client is Connected.
States are not applicable for all blades. For example, Full Disk Encryption rules always apply and cannot change based on state. The option to create rules based on state only shows for applicable blades. If there is no applicable rule for the Disconnected or Restricted states, the Connected policy applies.
For example, you can enforce a more restrictive policy if users are working from home and are not protected by organizational resources.
In the Restricted state, you usually choose to prevent users from accessing some, if not all, network resources.
You can configure restricted state policies for these blades: