Only Tenant Admins and Playbook Admins can create and edit custom policies. For more information, please refer to the “New playbook roles” article relative to your package.
What is a custom policy?
A custom policy is a policy that you formulate from the ground up. Before you begin creating a custom policy, ensure you have a well-defined plan for its key elements:
- Definition: determine the anomalies the policy will identify (e.g. users without MFA enabled).
- Remediation: decide how the policy will resolve anomalies (e.g. sending a report to the user's manager).
Unlike Out-of-the-Box policies, where the remediation action is predefined, custom policies provide you with the flexibility to choose the type of remediation you want to apply (either “Workflow” or “Send report”).
If you opt for a workflow as remediation, you must create your own workflow in advance.
- Schedule: establish whether the remediation should occur automatically or manually.
Once you have identified the elements above, you can start creating your custom policy.
Where can I create a custom policy?
Regular custom policies can be created either from a report that supports the creation of custom policies or within the “Playbooks” section under “SETTINGS”. For more information, please refer to the Create a custom policy article.
Event-based custom policies can also be created from the “Audit” reports. For more information, please refer to the “Create an event-based custom policy article relative to your package.