Yes... It does seem like a step back. I guess putting all the products into one has reduced individual functionally a little bit. I was wondering if you use location aware groups. I have noticed using the DNS suffix criteria it is not working as expected (see my other post).
Yes, neither does "Require that McAfee ePO is reachable" nor "Domain Reachability (HTTPS)".
I agree. Our SOC uses Policy Assignment Rules that apply certain HIPS policies in order to Isolate a system. This included a custom message in the HIPS UI popup. This feature seems to have been removed in ENS.