Separate the Global policies from the Base polices
Sure would be nice if we could apply Exclusions globaly without affecting the base policy.
Exclude folder from scan: SQL servers
Exclude folder from scan: MSP tools
leave the detail config to the client/tenant.
aka: allow us to apply only the pieces/parts that were configured...not push all available settings in both Global and Base policy sections.