Servers/Server Groups vs Application/Segment Group Use-Case

I’m relatively new to Zscaler Scaler, and I am having trouble wrapping my head around when use to Applications/Segment groups vs Server/Server Groups.

I under the purpose of defining Applications Segments and Segment groups. I can configure Access Policies based on the Applications or the Application Groups. For example, I could limit RDP to a specific server or a set of servers in an Application Segment.

However, is there a use case where I would define a server and server group but NOT an application segment? Is there a best practice to have each application segment listed within a server?

server and server group or only server group needs to define in order to look at the place where that application is actually located. Connecror group defined under server grp will do this job.

Appliaction segment is the list of ip address, fqdn with ports. You can have application segment like application with port 80,443 and application with rdp.

Segment group is the logical group for define access plicies in granular way.

Thanks for that.

Can you define Access Policies based on Server Groups instead of Application Segments?

No , you can define access policy with application segments and segment group only.