AvePoint Learn
Request article
Contact support
Request article
Contact support
English

Home > Policy Enforcer > Generate Reports of Identified Violations

Export to PDF

Generate Reports of Identified Violations

After the job of the Policy Enforcer rules completes, all of the out-of-policy actions and changes are recorded as the job’s data. Policy Enforcer enables you to generate a report based on the latest event data collected by rules for the selected SharePoint Online nodes. The report displays the SharePoint Online nodes where out-of-policy objects, permissions, and settings reside with the details of the rules and violations. It also supports fixing the violations with the Custom Actions configured in the corresponding rules or performing manual operations to fix the violations.

To generate a report of all of the violations identified by Policy Enforcer rules within a selected scope, complete the following steps:

  1. On the Policy Enforcer tab, expand the tree in the Scope field and select the nodes that the job of the Policy Enforcer profiles has been performed on.

  2. Click Generate Report on the ribbon. The Generate Report interface appears.

  3. On the Generate Report page, you can view each selected node displayed in the Scope pane, which is marked with either of the following icons in the Status column to indicate whether there are out-of-policy nodes under this node.

    • The green check mark indicates that this node is within policy.

    • The red X mark indicates that a rule has been violated within this node.

  4. To view the Policy Enforcer rules that are currently applied to a node, expand a node name, and each of the rules will be displayed below. To view the detailed information about the rule, click the information icon on the right of each rule name.

  5. You can click the rule name to display the SharePoint Online nodes, including the out of policy objects, permissions, settings, or features. If desired, refer to the Status column of each row to perform manual operations to fix the violations.

    • Fixed automatically – Violations have been fixed automatically by Policy Enforcer based on the Custom Action setting configured in the rules.

    • Can be fixed – The Custom Action setting of the specified rules is turned off. Policy Enforcer has not taken any action on the violations. You can choose to fix the violations in bulk based on the Custom Action setting configured in the rules by selecting the nodes and clicking Fix on the ribbon.

    • Requires manual operation – Policy Enforcer does not support automatic fixes to the specified violations based on the Custom Action setting configured in the rules. The rule Move and Copy do not support the Custom Action feature. You need to fix the violations with manual operations. To fix the violations manually, select the corresponding nodes and click Manual Operation Required on the ribbon or the manual operation button in the Action column to trim down to the out of policy nodes in the tree on the Management page of Administrator. You can manually reconfigure the settings to fix the violations in this node if desired.

    • Error – An error occurred while fixing the violations by Policy Enforcer based on the Custom Action setting configured in the rules. Refer to the exception details listed below the node’s name and then select operations to fix the issue accordingly.

  6. To view the detailed information for the violations in a specific out-of-policy node under a rule name, click the node. The detailed information for the violations of the specific rule in this node will be displayed below.

  7. To export the report, click Export on the ribbon to configure the export settings in the pop-up window.

    • Report Format – Select a report type from the drop-down list.

    • Export Location – Select an existing export location from the drop-down list to store the report before exporting. To create a new export location, select New Export Location in the drop-down list. For detailed instructions on how to create an export location, refer to the Configure Export Locations section in the Cloud Management User Guide.

    • Notification – Select an existing notification profile from the drop-down box. A notification e-mail will deliver to the corresponding recipients.

    After the configuration of the settings above, click OK to start the export operation.

    For performance reasons, only the first 2000 nodes which contain an object that is not within the policy will be displayed. To view all of the out-of-policy nodes and their objects, you can generate an export report.

Hide and Unhide Out-of-Policy Nodes

If you do not want to handle all of the out-of-policy nodes on the Generate Report page immediately, you can hide the out-of-policy nodes you want to dispose of later for a specific period by using the Hide function. The hidden nodes will be hidden from the report of this rule and kept in the Hidden List until the expiration date.

To hide an out-of-policy node from the Generate Report page, complete the following steps:

  1. Select the out-of-policy node you want to hide by selecting the corresponding checkbox.

  2. Click Hide on the ribbon, and select an expiration period for hiding the selected node. This node disappears from the Generate Report page and is kept in the Hidden List.

  3. Go to the Hidden List to view and manage all of the hidden out-of-policy nodes.

To unhide specific hidden out-of-policy nodes and make them visible on the Generate Report page again, complete the following steps:

  1. Select the nodes which you want to unhide by selecting the corresponding checkboxes.

  2. Click Unhide on the ribbon.

  3. Once a specific node is unhidden, you can view this node on the Generate Report page again.

Manage Hidden Out-of-Policy Nodes

Click Hidden List on the ribbon. The Hidden Issues window appears. You can view and manage all of the hidden out-of-policy nodes on this window.

In the Hidden Issues window, review the following information for a specific out-of-policy node:

  • Rule Name – The rule which has been violated in this node.

  • Profile Name – The profile to which the violated rule belongs.

  • URL – The URL of this node.

  • Hidden Date – The date when this node is hidden.

  • Expiration Date – The date when the hiding action expires. This node will appear on the Generate Report page again.

  • Details – The detailed information of the out-of-policy operations or settings in this node.

Change Expiration Date

To change the date expiration for hiding out-of-policy nodes, complete the following steps:

  1. Select the nodes you want to change by selecting their corresponding checkboxes.

  2. Click Change Expiration Date on the ribbon. The window for changing the expiration date appears.

  3. Click the calendar button and select your desired date as the new expiration date for the selected nodes.

  4. Click OK to save the change, and return to the Hidden Issues interface.