This is all there is in the EPO product guide for 5.1.0 on page 167. You would generally never want to set any products to "not enforcing" unless you want to control that product locally only. There is no real benefit to this in an EPO-managed environment.
If policy enforcement is turned off, systems in the specified group do not receive updated site lists
during an agent-server communication. As a result, managed systems in the group might not function
as expected. For example, you might configure managed systems to communicate with Agent Handler
A, but with policy enforcement turned off, the managed systems will not receive the new site list with
this information, so they report to a different Agent Handler listed in an expired site list.
Thanks for your response.
I saw that. But I don't see where it states that the local policies on the client will take over when ePO stops applying the policies it has in its configuration. Are we to accept/assume that because the docs speak of agents not pulling updates to site lists due to non-enforcement that local policies take over?
"Not enforcing" just means EPO will not enforce the policies for that product on the sytem or systems that have the broken enforcement. The example from the Product Guide was given because it reinforces why it's not a good idea. Virusscan will enforce its own local policies on a system without a managed Agent the same way as if you have Virusscan installed but with a managed Agent and policy enforcement disabled. Local enforcement is implied because there is nothing else other than local and EPO policy enforcement.
Good stuff. Thanks, Gary.