Refer to the tables below for all Policy Enforcer rules by their event types.

Event Type - Scan Site Collection Level Condition

| Rule Name | Rule Description |
|---|---|
| Active Directory Group Restriction | Restrict the addition of any AD groups into SharePoint sites. |
| Custom Script Settings | Control custom script settings on SharePoint sites (except for OneDrive). |
| Default Sharing Link Type Settings | Control the default sharing link type settings of SharePoint sites. |
| External Sharing Settings | Control the sharing settings of SharePoint site collections and OneDrive. |
| Property Bag | Control the presence and integrity of values held within a Site Collection property bag. |
| Scan External Users | Scan all external users in the site collections where external sharing is disabled. |
| SharePoint Designer Settings | Control the SharePoint Designer Settings for sites within a site collection. |
| Site Collection Administrators Count | Enforce the number of site collection administrators in each site collection where this rule is applied. |
| Site Collection Administrators Restriction | Control the addition of users/groups into the Site Collection Administrators group where this rule is applied. |
| Site Collection Feature | Control the activation or deactivation of any SharePoint feature at the site collection level. |
| Site Collection Navigation | Control the navigation settings of a site collection. |

Event Type - Scan Site Level Condition

| Rule Name | Rule Description |
|---|---|
| Access Requests Settings | Control Access Requests Settings within a site to simplify the process of managing who has access to a site. |
| Master Page | Control master page settings for sites. |
| Regional Settings | Control regional settings for sites. |
| Restricted Subsite Template | Restrict which templates can be applied to subsites below where this rule is applied. |
| Site Column Type Deployment | Control the site column type deployment where this rule is applied. |
| Site Content Type Deployment | Control the site content type deployment where this rule is applied. |
| Site Feature | Control the activation or deactivation of any SharePoint feature at the site level. |
| Site Owner Restriction | Control the users or groups that are allowed to be added into the owner groups of SharePoint sites. |
| Site Theme | Control the site theme applied to a site. |
| User Permission Enforcement | Enforce that users with specific Microsoft Entra ID properties must be in defined SharePoint groups or have certain permissions. |

Event Type - Create Site

| Rule Name | Rule Description |
|---|---|
| Site Depth | Control the number of sites that can be created under the site collections where this rule is applied. |
| Site Template | Control the site template applied to a site. |

Event Type - Scan List Level Condition

| Rule Name | Rule Description |
|---|---|
| Information Rights Management (IRM) SharePoint 2013 | Control IRM settings for lists/libraries with a SharePoint 2013 experience version. |
| Library Versioning Settings | Control Library versioning settings within a site. |
| List Column Type Deployment | Control the list column type deployment where this rule is applied. |
| List Content Type Deployment | Control the list content type deployment where this rule is applied. |
| List Versioning Settings | Control List versioning settings within a site. |
| List/Library Template | Control the list/library template applied to a list/library. |

Event Type - Create Item

| Rule Name | Rule Description |
|---|---|
| Content Creation/Content Upload | Restrict or allow the uploading and/or creation of content based on individual user or group, size of content, content type, or file type. |

Event Type - Copy

| Rule Name | Rule Description |
|---|---|
| Copy | Restrict or allow individual users or groups to copy SharePoint objects. |

Event Type - Delete

| Rule Name | Rule Description |
|---|---|
| Delete | Restrict or allow individual users or groups to delete items, files, lists, or libraries. |

Event Type - Move

| Rule Name | Rule Description |
|---|---|
| Move | Restrict or allow individual users or groups to move SharePoint objects. |

Event Type - Add Group Member

| Rule Name | Rule Description |
|---|---|
| SharePoint Group Member Count Enforcement | Enforce the number of members in the defined SharePoint groups in each site collection where this rule is applied. |

Event Type - Break Permission Inheritance

| Rule Name | Rule Description |
|---|---|
| Break Inheritance Protection | Protect the permission inheritance from being broken at specific SharePoint object levels. |

Event Type - Inherit Permission Settings

| Rule Name | Rule Description |
|---|---|
| Restore Inheritance Restriction | Keep track of SharePoint objects that had previously broken inheritance and implemented unique permissions, but have now reverted to inherited permissions. |

Event Type - Change Permission

| Rule Name | Rule Description |
|---|---|
| Microfeed Permissions Enforcement | Lock and protect the Microfeed Lists’ unique permissions from modification. |

Event Type - Add Group Member; Delete Group Member; Change Permission

| Rule Name | Rule Description |
|---|---|
| Grant, Revoke, and/or Modify Permission Privilege | Restrict or allow individual users or groups to modify User and Group Permission with SharePoint. |
| Permission Modification Protection | Specify Microsoft Entra users/groups and SharePoint groups whose permissions are locked and protected from modification. |

Event Type - Add Group Member; Change Permission; Scan Site Collection Level Condition

| Rule Name | Rule Description |
|---|---|
| User/Group Restriction | Allow or restrict the addition of users or groups into SharePoint sites where this rule is applied. |