Views:
Cloud App Security provides two default ATP policies for each protected application or service.
Policy
Description
Default ATP policy
  • This policy contains preconfigured settings and you can change them as necessary.
  • This policy applies to all targets in your company.
  • This policy is disabled by default.
  • This policy has the lowest priority.
Default ATP policy (monitor only)
  • This policy works in monitor mode to scan email messages or files in your application or service and record detections in logs, without taking actions. This helps evaluate the Cloud App Security capability with zero impact on mail flow and file sharing.
  • This policy contains preconfigured settings and you can change them as necessary, except for the following:
    • All actions are fixed to Pass and not configurable.
    • The Monitor and log only option in Virtual Analyzer is selected and not configurable.
  • This policy applies to all targets in your company.
  • This policy is disabled by default.
  • This policy takes precedence over the default ATP policy in non-monitor mode. It has the second-to-last priority.
Perform the following steps to add an ATP policy.

Procedure

  1. Go to PoliciesPolicy Management.
  2. From the Organization drop-down list, select the organization for which you need to create policies.
  3. Click Advanced Threat Protection under Email Policies or Collaboration Service Policies, depending on the service for which you want to create policies.
  4. Click Add Policy and select an application or service to create a policy for.
    You can create policies for the applications and services that you have granted Cloud App Security access to.
  5. Configure policy settings.
  6. If you have configured multiple policies for one application or service, adjust policy priorities as required by dragging a policy and placing it at the desired priority.
    Note
    Note
    Policies are applied in order from the highest priority to lowest priority. If you enable multiple real-time scanning policies for the same user, only the policy with the highest priority is applied. The default policy always has the lowest priority and will be applied if no other policies are matched.