Policy configuration

Policy profiles

To view and edit a policy profile:

Viewing and editing policy profiles

• Navigate to the Policies page (Admin Console > Admin > Policy Configuration > Policies).
• Click Policy Profiles.
• On the Policy Profiles page, you will find a list of configured policy profiles.
• Choose the policy profile you'd like to edit, and click the Edit icon.
• On the Edit "policy profile" page, view and edit the policy profile's existing configuration.
• Click Save.

Creating policy profiles

To configure a policy profile:

• Navigate to the Policies page (Admin Console > Admin > Policy Configuration > Policies).
• Click Policy Profiles.
• On the Policy Profiles page, you will find a list of prebuilt profiles. Click the +Add New Policy Profile button, and choose the category you want to configure.
• On the Add New Profile page, enter the Profile Name, Profile Description.
• Configure the criteria. The criteria will vary based on the chosen category. Refer to the Policy profile categories section for detailed information on the criteria available in each category.
• Click Save.

Ensure that you map your policy profile to a policy to activate it.

Policy profile categories

Policy profiles can be classified into various categories. The layout and functionality of a policy profile will vary based on its category. Currently, users can classify policy profiles into the Cloud DLP category.

Cloud DLP category

The Cloud DLP category helps administrators manage the use of cloud applications. Administrators can classify cloud applications, prevent file upload, respond to cloud requests, and perform various other actions. Follow these steps to configure a policy profile in the Cloud DLP category:

• Navigate to the Add New Profile page (Admin Console > Admin > Policy Configuration > Policies > Policy Profiles > Add New Policy Profile page).
• Enter a suitable Profile Name and Profile Description.
• Assign a Tag. Tags can be used to group policy profiles based on their functionality.
• Select a Filter. The two types of filters are:
• Predefined Filter: Enables users to select a DLP Type and choose from a plethora of preconfigured applications. The DLP Type selected determines the actions that will be performed to the chosen cloud applications. Currently, users can select Block File Upload.

For example, to prevent users from uploading files to Google Drive, you must choose the following DLP Type and cloud application:

DLP Type = Block File Upload

Cloud Application = Google Drive

• Custom Filter: Enables users to enter a filter processing stage, define criteria, and choose a response action. Criteria can be configured based on various parameters. Refer to the table below for the list of parameters:

Parameter	Description
Domain	Provide the domain names such as spotify.com.
Request URI	Provide the complete request URI such as https://instagram.com/feed.html#profile, or the path.
Request Method	Provide request methods, such as GET, POST, PUT and other methods.
Request Headers Content Type	Provide request headers content type such as application/json or other content types.
Request Referrer	Provide request referrers such as https://www.netflix.com/browse
Request Headers	Provide custom request headers such as Content-Length, User Agent and other headers.
Response Code	Provide response codes such as 200, 204, 301 or other status codes.
Response Headers	Provide custom response headers such as Content Type and Content Length.

Note: Users can choose to apply the filters at either of these processing stages:

Request: The filters will be processed before the request is sent to original server.

Response: The filters will be processed before the response from original server is sent to the client.

Users can choose to configure criteria based on one or multiple parameters as mentioned above. To configure criteria based on multiple parameters, the user must define the Condition Type. Refer to the examples below for an understanding of how you can define the Condition Type and configure a custom filter.

For example, to prevent employees from deleting files on OneDrive, you must set:

Condition Type: All Conditions

Domain: api.onedrive.com

Request Method: DELETE

Action: Block

Similarly, to prevent employees from using meta.com or instagram.com:

Condition Type: Any Condition

Domain: meta.com

Domain: instagram.com

Action: Block

Advanced condition:

Advanced conditions are handy when you need a combination of AND and OR conditions. In such instances, users have the choice to configure custom criteria patterns.

Example: To prevent employees from downloading DOCX files on Google Drive and OneDrive:

Condition Type: Advanced

Domain: drive.usercontent.google.com

Request Referrer: https://onedrive.live.com/

Response headers: Content disposition = .docx

Criteria Pattern: ((1 OR 2) AND 3)

Action: Block


• Click Save.

Policies

Viewing and editing policies

You can view and edit policies by following these steps:

• Navigate to the Policies page (Admin Console > Admin > Policy Configuration > Policies).
• On the Policies page, you will find the list of configured policies.
• Choose the policy you'd like to edit, and click the Edit icon to edit the configuration.
• On the Edit "Policy" page, make the necessary changes to the policy's existing configuration.
• Click Save.

Creating new policies

You can create policies by following these steps:

• Navigate to the Policies page (Admin Console > Admin > Policy Configuration > Policies).
• Click the +Add Policy button.
• On the Add New Policy page, enter a suitable Policy Name and Policy Description.
• Choose Policy Profiles. Currently, users can make use of the policy profiles in the Cloud DLP category.
• Click Save.