#Automatic Policy

Automatic policies enable continuous, scheduled compliance monitoring by scanning predefined data scopes for rule violations. Administrators configure these policies by selecting rules, defining target object types and conditions, and setting violation handling actions such as reporting, automatic remediation, or approval workflows. These policies operate on a customizable schedule, running scans at specified intervals to ensure ongoing enforcement of security and compliance standards. The system provides full lifecycle management for these policies, including editing, enabling/disabling, and deletion from a centralized interface.

#Create an Automatic Policy

To create an automatic policy, complete the following steps:

1. On the Automatic policies page, click Create policy in the upper-right corner.

2. In the Create policy panel, complete the following configurations in Basic information first:

   • Rule – Select a rule for this policy. For the list of supported rules in the system, refer to Supported Rules.

     You can search for a specific rule by entering the rule name in the Search text box and then selecting it from the suggestion list.

   • Policy name – The policy name will automatically inherit the rule name. You can modify the name based on your needs.

   • Description – Enter a description for the policy

   • Status – Configure whether this policy will be in the Enabled or Disabled status upon creation.

Click Next.

3. In Scope, define the policies’ monitoring scope by completing the following configurations:

   • Object type – Select an object type for this policy. The available object type to select depends on the selected rule.

   • Conditions – To narrow down the scope, define the conditions. Only objects that match the configured conditions will be included in the policy’s monitoring scope. The available conditions to configure depend on the selected rule.

Click Next.

4. In Policy details, configure the violation processing approach, notification settings, and scanning schedule for the policy.

While detailed policy settings differ from one another based on the rule selection, there are some common optional settings during policy creation:

• Operation – Select the operation to take after a violation is detected. You can select:

  • Report the violation – The violation will be recorded in the Violation Report where both violation details and further actions are available.

  • Fix directly – Configure a fixing action and automatically fix the violation upon detection.

    NOTE

    This option is not applicable to rules that can only be fixed through manual fixes. For example, for the Manager count restriction rule, when violations are detected, administrators need to decide the user to add or remove from the shared drive’s manager list.

  • Fix through approval process – Evaluate the violation and fixing details through the approval process created in Configure Approval Process.

    NOTE

    This option is not applicable to rules that require manual fixes. For example, for Manager count restriction, when violations are detected, administrators need to decide the user to add or remove from the shared drive’s manager list.

• Trigger when an object meets the following conditions– Configure the conditions that triggers the selected operation.

• Action details – If Fix directly or Fix through approval process was selected, configure the fixing action to take. The selected action will be executed upon violation detection or approval.

• Approval process – If Fix through approval process was selected, select an approval process.

• Send violation notifications to – To notify certain user of the detected violation, select the recipients.

• Schedule – Complete the following schedule setups:

  • Scan start time – Select the time to start the first scan job of this policy.

  • Scan interval – Configure the scan job’s frequency. The interval can be certain days, weeks, or months.

  • Retention duration – Configure the number of days to retain the scanned data of this policy. The maximum duration is 365 days.

5. Click Save and the policy will operate based on your schedule configurations. Or you can click Save and run to assign the policy to the selected scope and run a job immediately.

   NOTE

   Clicking Save and run will not affect the set policy schedule, so a job will continue to be executed at the designated scan start time, and subsequent jobs will run according to this schedule.

#Manage Automatic Policies

All created automatic policies will be displayed on the Automatic policies page, where you can manage them by the following operations:

• Search for policies – Find specific policies by typing all or part of their name into the search bar to filter the list.

• Filter policies – Narrow down the displayed list of policies based on specific criteria like status, object type, or modified time.

• Manage columns – Customize which information columns are displayed in the policy list table for better visibility.

• Refresh – Click Refresh to reload the page to update the list of policies and ensure all information displayed is current.

• Edit policy – Select a policy and click Edit or the action list icon to the right of the table row to expand it and select Edit. Then, modify the configuration of a selected policy, such as changing its scope, rule, or violation actions.

• Enable / Disable policy – Select a policy and click Enable / Disable or turn on / off the toggle in the Status column to activate or deactivate a currently policy.

• Delete policy – Select a policy and click Delete or the action list icon to the right of the table row to expand it and select Delete. This will permanently remove the selected policy from the system, which will stop all future scans and violation processing.