Manage a policy

Complete these tasks to manage or modify your policies.

Copy a policy

You can copy an existing policy to create a policy that contains the same or similar settings.

You must be an ETP administrator to perform this task. If you are a delegated administrator or strict delegated administrator, you can copy the policies you created or the policies that you are allowed to access.

To copy a policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. On the Policies page, hover over the policy that you want to copy.

  3. Click the copy icon. The Copy Policy dialog appears.

  4. If you want to copy the locations that are assigned to the policy, select Include location assignments.

  5. Click Copy. A copy of the policy is created and appears on the Policies page.

Next steps

Edit the policy to modify settings associated with the copied policy.

Delete a policy

You can delete a policy only when it is not assigned to a location. To perform this task you must be an ETP administrator. If you are a delegated administrator or strict delegated administrator, you can delete the policies you created or the policies that you are allowed to access.

To delete a policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. On the Policies page, hover over the policy that you want to delete.

  3. Click the trash can icon.

  4. Click Yes to confirm the deletion.

Next steps

Deploy these configuration changes to the ETP network. For instructions see Deploy configuration changes.

Search for a policy

On the Policies page, a search option is available at the top of the page. You can provide a search value such as the policy name or the name of a location that's associated with the policy.

📘

If you are a delegated administrator or a strict delegated administrator, this operation only finds the policies that you are allowed to access.

To search for a policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. Click the search icon.

  3. Enter a search term. A filtered list based on the provided search term appears.

Add email addresses for alert notifications

ETP super administrators can enter email addresses of users receiving alert notifications. You can provide these email addresses on the Communication page or in a specific field on the Policies page. This procedure describes how to add email addresses on the Policies page.

When a new alert is detected, those who are configured to receive alert notifications are sent notifications at near real-time. If more alerts occur within a five minute period, the user is notified about these alerts after the five minutes. Data in email notifications are organized by domain. If an alert is detected in multiple locations, alert information is also organized by location. The email also contains other important alert information, such as the associated policy, list, and the action taken on the alert.

To add email addresses for alert notifications:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. Click the email icon.

  3. In the field for alert notification emails, enter an email address and press Enter on your keyboard. You can also paste multiple email addresses into the field. Click OK.

  4. Click Save.

Next steps

On the Communication page, you can assign specific locations that you want a user to receive notifications about. Unless you assign specific locations, users receive notification information about all locations. To assign locations, see Assign locations for alert notifications.

Assign a location or sub-location to a policy

While you can assign locations or sub-locations to a policy from the Create Policy or Edit Policy pages, you can also easily assign locations or sub-locations to a policy from the Policies page.

You need to be an ETP super administrator, delegated administrator, or a tenant administrator to perform this task.

If you are a delegated or strict delegated administrator, you can assign a location or sub-location that you are allowed to access to a policy you are permitted to manage.

To assign a location to a policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. Go to the policy that requires a location or sub-location assignment and click the chain icon for a location or sub-location. A dialog appears.

  3. Select the locations that you want to assign to the policy. You can also use the search field to find a location.

  4. Click Associate.

Next steps

Deploy the location configuration change to the ETP network. For more information see Deploy configuration changes.

Apply a security template to a policy

You can apply a security template to define the policy actions of threat categories. To block known and most suspected categories, you can select the strict template. If you are testing a policy configuration, you can apply the monitor-only template to assign the monitor action to all known and suspected threat categories.

To apply a security template to a policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. If you are creating a new policy, click the plus icon and complete these steps:

    1. Enter a name and description for the policy in the Name and Description field.

    2. To configure a policy with settings from a predefined template, select one of these templates and click Continue:

      • Strict. Contains settings that block known and most suspected threat categories. Select this template to apply settings that are a best practice for a policy.

      • Monitor-only. Logs and reports threats but it does not block them. This template is ideal for testing or assessing policy impact before using the Strict template. This template assigns the monitor policy action to all known and suspected threat categories.

      • Custom. Lets you define policy actions for known and suspected threats.

  3. If you are modifying a policy, click the name of the policy.

  4. To configure other policy settings, such as proxy settings and the AUP, see Create a policy.

  5. Click Save. If you want to save and deploy the policy, click Save and Deploy.

Next steps

If you haven’t deployed the policy, make sure you deploy it to the ETP network. For instructions, see Deploy configuration changes.

Bypass Microsoft 365 traffic

The Bypass Microsoft 365 Traffic setting allows ETP to quickly identify and resolve requests to Microsoft apps and services. With this setting, domains and IP addresses that are associated with Microsoft Office apps, Outlook, cloud storage, and more bypass ETP Proxy scanning. This one-click option automatically retrieves the latest domains and IP addresses from Microsoft to ensure requests are securely bypassed. By leveraging ​Akamai​'s network of servers, this setting provides optimal routing to access these services.

To enable the Bypass Microsoft 365 Traffic setting and modify an existing policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. Click the name of the policy that you want to edit.

  3. Click the Settings tab.

  4. In the Proxy Settings area:

    1. Make sure the Enable Proxy toggle is turned on.

    2. Enable Bypass Microsoft 365 Traffic:

  5. In the Other Settings area, enable Forward Public IP to Origin. This setting is recommended when you optimize Microsoft 365 traffic.

  6. Click Save. If you want to save and deploy the policy, click Save and Deploy.

Next steps

If you haven’t deployed the policy, make sure you deploy it to the ETP network. For instructions, see Deploy configuration changes.

Enable SafeSearch

SafeSearch blocks explicit content from search results that are performed in Google or Bing search engines.

To enable SafeSearch in an existing policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. Click the name of the policy that you want to edit.

  3. Click Settings.

  4. In the Browsing Restrictions area of the page, toggle the Safe Search setting to enable it.

  5. Click Save. If you want to save and deploy the policy, click Save and Deploy.

Next steps

If you haven’t deployed the policy, make sure you deploy it to ETP network. For instructions, see Deploy configuration changes.

Configure YouTube restricted mode

To restrict access, you can select Strict or Moderate mode. Strict mode gives users access to a more limited or restricted collection of video content, while moderate allows users to access a larger collection of restricted videos.

To configure YouTube restricted mode in an existing policy:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. Click the name of the policy that you want to edit.

  3. Click Settings.

  4. Navigate to the Browsing Restrictions area of the page.

  5. Depending on the restricted mode you want to use, in the YouTube menu, select Strict or Moderate.

  6. Click Save. If you want to save and deploy the policy, click Save and Deploy.

Next steps

If you haven’t deployed the policy, make sure you deploy it to the ETP network. For instructions, see Deploy configuration changes.

Select a proxy logging mode

Before you begin
Set up ETP Proxy

If the ETP proxy is enabled, you can select a logging mode to define the details that are recorded in ETP reports. By default, policies with the ETP proxy are configured with Level 1, a comprehensive mode that records the hostname, path and query string in the URL, as well as the response and request headers. For more information on the different logging modes, see Proxy logging mode.

This procedure assumes you're modifying an existing policy that is enabled with ETP Proxy. Any logging mode that you select affects future HTTP or HTTPS events only. It does not change the information recorded for past events.

To select a proxy logging mode:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Policies.

  2. Click the name of the policy that you want to edit.

  3. Click Settings.

  4. Go to the Proxy Settings area.

  5. In the Proxy Logging Mode menu, select a new logging mode level.

  6. Click Save. If you want to save and deploy the policy, click Save and Deploy.

Next steps

If you haven’t deployed the policy, make sure you deploy it to the ETP network. For instructions, see Deploy configuration changes.


Did this page help you?