Create a Policy

    To create a service-level policy, complete the following steps:

    1. Click Policies > Service level on the left pane to enter the Service level page.

    2. Click Create policy. Choose how to create this new policy.

      • Start from scratch – If you want to create a brand-new policy, select Start from scratch. The Create policy page appears.

      • Create from a policy template – Policies for Microsoft 365 provides several pre-defined policy templates for various scenarios. Clicking a policy template card will open the policy template window where you can find rules and object types available for this template.

        If you want to create a policy from a policy template, click the policy template card, select a desired object type if multiple object types are available for this policy template, and click Continue to open the Create policy page.

        On the Create policy page, the general information, rules, and settings of the selected policy template are displayed. You can make updates if necessary and then assign this new policy to a scope to monitor the objects.

    3. General information – Complete the general information as below. The icon of the selected object type and the policy name will be visible in this step to help you identify the policy as you proceed to the subsequent steps.

      • Object type – Select an object type for the policy. If you change the object type after adding rules, the previously added rules will be cleared, and this deletion is irreversible. Please pay attention when selecting the object type.

        • SharePoint site

        • OneDrive

        • Microsoft 365 Group

        • Microsoft Team

        • Microsoft 365 user

        • Exchange mailbox

        • Security and distribution group

      • Policy name – Choose a policy creation option:

        • Copy from an existing policy – If you want to reuse rules and settings of an existing policy, select this option, and select a policy that you want to copy from.

          The suffix "- Copy" is added to the policy name, and you can modify it. The general information, rules, and settings of the selected policy template are displayed. You can make updates if necessary and then assign this new policy to a scope to monitor the objects.

          For Microsoft 365 Groups and Microsoft Teams object types, you can copy policies across object types. If some rules are not applicable to the new object type, a confirmation will appear to inform you that these rules will not be copied to the policy. For policies of other object types, you can only copy policies of the same object type.

        • Create a new policy – If you want to create a policy from scratch, select this option, and enter a policy name.

      • Description – Enter an optional description for future reference.

    4. Click Next.

    5. Rules – Click Add rule. The Add rule window appears, displaying all rules available for the object type you selected above. For the supported rules for service-level policies, refer to Supported Rules.

      1. From the rules drop-down list, select a rule to add to the policy. The configuration page of this specific rule will appear.

        You can search for a specific rule by entering the rule name in the Search text box and then selecting it from the suggestion list.

      2. If the object type of this policy is anything other than Exchange mailbox or Security and distribution group, you can find an Add a filter to this rule checkbox. Enabling it allows you to further narrow down the scope of the objects that this rule will apply to. All filters compatible with the policy’s object type are available for selection. Select an existing filter from the drop-down list, or click New to open the Create filter panel to create a new filter. Click View details to view details of the selected filter. For detailed instructions on creating a filter, refer to Filters.

        The filter added to a rule takes precedence over the filter added to a policy. Once a filter is added to a rule, the filter added to the policy will be ignored when evaluating the conditions. This lets you add multiple rules of the same type to one policy to manage different objects.

      3. Configure rule settings. You can also update rule settings after adding the rule by clicking the Settings button next to the corresponding rule name.

        While detailed rule settings differ from one another, there are some common optional settings among rules:

        • Automatically fix violations – Most rules support the Auto Fix Violations feature, enabling automatic correction of out-of-policy settings when violations are identified. You can enable this feature by selecting the available auto-fix actions under the If violations are identified, take the following action to automatically fix the violations setting.

          If you prefer to analyze a violation before fixing it, you can leave the auto-fix actions unselected to disable the Auto Fix Violations feature. All violations can be found on the violations report, where you can view details and manually fix violations by clicking the Fix button.

          For rules that do not support the Auto Fix Violations feature, you can find the violations on the violations report and then manually fix these violations by clicking the Fix button.

        • Send email notifications – You can choose whether to send email notifications to relevant parties when violations are identified.

          After enabling the setting, you need to designate recipients separately for admins and end users, and select the corresponding email templates. Refer to Notifications to prepare the email templates for admins and end users.

          Admins typically refer to the following users. Different rules may support different admin options.

          • Site collection administrators

          • Site owners

          • Group/Team owners

          • Primary or secondary site contacts (a site property deployed by Cloud Governance)

          • Other designated users or groups within the Microsoft 365 tenant

          End users usually refer to the users whose actions violate rule settings.

        • Independent scan interval – Depending on the size of your Microsoft 365 environment, the Enforce policy job for some rules may take a significant amount of time to complete. For rules that require a lower frequency, you can set independent scan intervals – the independent scan interval takes precedence over the general policy-level schedule. Note that this setting is only available for rules that require a lower frequency. For a full list of these rules, refer to Rules that Require Lower Frequency for Policy Schedule.

      4. Click Add to policy. The number of added rules is displayed in the Rules step.

      5. Repeat the steps above to add more rules to the policy. All added rules, along with their filters, are displayed in the Rules section.

        You can further manage these rules as below:

        • Configure rule settings – You can click the Settings button next to a rule to configure the detailed rule settings.

        • Activate or deactivate rules – You can activate or deactivate a rule by turning on or off the toggle. When a rule is deactivated, user activities and changes that should be controlled by this rule will not be monitored when running jobs to enforce this policy. Note that you must activate at least one rule for each policy.

        • Delete rules – You can click the Delete button next to a rule to delete the rule if it is not useful in this policy.

        • Configure running order – If multiple rules are added to the policy, you can configure the running order for these rules.

    6. Click Next.

    7. Assign policy – Assign policy to a scope.

      • Filter – If the object type of this policy is anything other than Exchange mailbox or Security and distribution group, the Filter setting will be available. A filter allows you to apply this policy to the Microsoft 365 objects that meet the defined filter conditions.

        Select an existing filter from the drop-down list, or click New to open the Create filter panel to create a new filter. Click View details to view details of the selected filter. For detailed instructions on creating a filter, refer to Filters.

        Some rules support their own filters. The filter added to a rule takes precedence over the filter added to a policy. Once a filter is added to a rule, the filter added to the policy will be ignored when evaluating the conditions.

      • Scope – All containers in the object type you selected above are displayed. Select containers, or nodes within a container, to assign the policy to them. You can use the Search text box to search for containers or search for nodes within an expanded container.

        To prevent conflicts, one node can be assigned only one policy. If a policy has already been assigned to one of the selected nodes, you’ll need to select a conflict resolution to proceed, either Keep the existing policy or Assign new policy.

    8. Click Next. The number of assigned containers and nodes is displayed in the Assign policy step.

    9. Schedule – Configure additional settings as detailed below:

      • Configure a schedule for the Enforce policy job of the current policy, including the following settings:

        Depending on the scale of your Microsoft 365 environment, the Enforce policy job for some rules may take a significant amount of time to complete. For rules that require a lower frequency, you can set independent scan intervals. These independent scan intervals take precedence over the general schedule set at the policy level. For the related rules, refer to Rules that Require Lower Frequency for Policy Schedule.

        • Scan interval – Enter a positive integer and select a time unit (Hours, Days, Weeks, or Months). Policies for Microsoft 365 will start Enforce policy jobs of the current policy to scan your Microsoft 365 environment according to the configured interval. You can narrow down scan intervals to hours to detect violations sooner than a day. The minimum scan interval is 2 Hours.

        • Scan start time – When the scan interval is set to Days, Weeks, or Months, the Scan start time setting will appear below for you to specify the exact timing of job executions.

          • For daily scans, you need to set a specific time. The job will start daily at the defined time.

          • For weekly scans, you need to select a weekday (Monday to Sunday) and set a specific time. The job will start weekly at the defined date and time.

          • For monthly scans, you need to select a calendar date and time. The job will start monthly at the defined date and time.

      • Retention duration – Enter a positive integer to define how many days you would like to retain the data associated with the current policy. After the retention period, the violation details and job details will be removed from the Policies for Microsoft 365 system.

    10. Click Next.

    11. Review – Review the configured settings. If you want to update information in a step, click the Edit button and then make updates.

    12. Choose how to finish: click Save draft to create the policy as a draft that you can publish once it is finalized; click Publish to publish the policy, which then waits for execution based on the configured schedule; or click Publish and run now to publish the policy and run a job immediately. To exit without saving changes, click Cancel.
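
The precedence rules in steps 5, 7, and 9 decide which objects each rule actually evaluates and how often. The following is an added example, not part of the product or its API: a simplified Python model in which the class names, rule names, the `label` property, and the site URLs are all constructed for illustration, and in which the assigned scope is assumed to still bound a rule that has its own filter.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional

HOURS = {"Hours": 1, "Days": 24, "Weeks": 168}  # Months omitted: length varies

@dataclass
class Rule:
    name: str                                   # placeholder name, not a product rule
    rule_filter: Optional[Callable] = None      # "Add a filter to this rule"
    scan_interval: Optional[tuple] = None       # independent scan interval
    active: bool = True

@dataclass
class Policy:
    scope: set                                  # assigned containers or nodes
    policy_filter: Optional[Callable]
    scan_interval: tuple                        # policy-level schedule
    rules: list = field(default_factory=list)

def interval_hours(interval):
    n, unit = interval
    if n < 1 or n * HOURS[unit] < 2:
        raise ValueError("minimum scan interval is 2 Hours")
    return n * HOURS[unit]

def effective_plan(policy, objects):
    """Map each active rule to (objects it evaluates, scan interval in hours)."""
    plan = {}
    for rule in (r for r in policy.rules if r.active):
        # Rule filter replaces the policy filter (not combined); scope still applies (assumption).
        flt = rule.rule_filter or policy.policy_filter or (lambda o: True)
        hits = sorted(o["url"] for o in objects if o["url"] in policy.scope and flt(o))
        plan[rule.name] = (hits, interval_hours(rule.scan_interval or policy.scan_interval))
    return plan

SITES = [  # constructed sample inventory
    {"url": "/sites/hr", "label": "Confidential"},
    {"url": "/sites/mkt", "label": "Public"},
    {"url": "/sites/dev", "label": "Public"},   # outside the assigned scope
]
POLICY = Policy(
    scope={"/sites/hr", "/sites/mkt"},
    policy_filter=lambda o: o["label"] == "Confidential",
    scan_interval=(2, "Hours"),
    rules=[Rule("rule-A"),
           Rule("rule-B", rule_filter=lambda o: o["label"] == "Public",
                scan_interval=(1, "Weeks"))],
)
PLAN = effective_plan(POLICY, SITES)
```

In this model, rule-B evaluates `/sites/mkt` even though the policy filter excludes it, which is worth checking before enabling auto-fix actions on a rule that carries its own filter.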