#On-Demand Policy

On-demand policies provide targeted, manual compliance checks for specific Google Workspace objects without scheduled scanning. These policies allow administrators to create customized rules and instantly apply them to selected shared drives or other objects for immediate violation assessment. They are ideal for conducting focused audits, investigating specific security concerns, or verifying compliance before project deployments. Unlike automatic policies, on-demand executions are one-time operations that provide immediate results without creating ongoing monitoring schedules.

For detailed instructions on on-demand policy applying, refer to Apply Policies to Shared Drives.

#Create an On-Demand Policy

To create an automatic policy, complete the following steps:

1. On the On-demand policies page, click Create policy in the upper-right corner.

2. In the Create policy panel, complete the following configurations in Basic information first:

   • Rule – Select a rule for this policy. For the list of supported rules in the system, refer to Supported Rules.

     You can search for a specific rule by entering the rule name in the Search text box and then selecting it from the suggestion list.

   • Policy name – Enter the policy name.

   • Description – Enter a description for the policy

   Click Next.

3. In Policy details, configure the violation processing approach and notification settings.

   While detailed policy settings differ from one another based on the rule selection, there are some common optional settings during policy creation:

   • Object type – If the added rule supports monitoring multiple types of object types, select the object type for this policy.

   • Operation – Select the operation to take after a violation is detected. You can select:

     • Report the violation – The violation will be recorded in the Violation Report where both violation details and further actions are available.

     • Fix directly – Configure a fixing action and automatically fix the violation upon detection.

   • Trigger when an object meets the following conditions – Configure the conditions that triggers the selected operation.

   • Action details – If Fix directly was selected, configure the fixing action to take. The selected action will be executed upon violation detection or approval.

   • Send violation notifications to – To notify certain user of the detected violation, select the recipients.

   • Retention duration – Configure the number of days to retain the scanned data of this policy. The maximum duration is 365 days.

4. Click Save.

After on-demand policies are created, you can manually apply them to your Google Workspace objects in the Administration module. For detailed instructions, refer to Apply Policies to Shared Drives.

#Manage On-Demand Policies

All created on-demand policies will be displayed on the On-demand policies page, where you can manage them by the following operations:

• Search for policies – Find specific policies by typing all or part of their name into the search bar to filter the list.

• Filter policies – Narrow down the displayed list of policies based on specific criteria like status, object type, or modified time.

• Manage columns – Customize which information columns are displayed in the policy list table for better visibility.

• Refresh – Click Refresh to reload the page to update the list of policies and ensure all information displayed is current.

• Edit policy – Select a policy and click Edit or or the action list icon to the right of the table row to expand it and select Edit. Then, modify the configuration of a selected policy, such as changing its scope, rule, or violation actions.

• Delete policy – Select a policy and click Delete or the action list icon to the right of the table row to expand it and select Delete. This will permanently remove the selected policy from the system.