Only Tenant Admins and Playbook Admins can create and edit custom policies.
What is a custom policy?
A custom policy is a policy that you formulate from the ground up. Before you begin creating a custom policy, ensure you have a well-defined plan for its key elements:
- Definition: determine the anomalies the policy will identify (e.g. users without MFA enabled).
- Remediation: decide how the policy will resolve anomalies (e.g. sending a report to the user's manager).
Unlike out-of-the-box policies, where the remediation action is predefined, custom policies provide you with the flexibility to choose the type of remediation you want to apply (either “Workflow” or “Send report”).
- Schedule: establish whether the remediation should occur automatically or manually.
- Scope: decide whether the policy should apply to the entire tenant or be limited to a specific Virtual Tenant.
Once you have identified the elements above, you can start creating your custom policy.
Where can I create a custom policy?
Regular custom policies can be created either from a report that supports the creation of custom policies or within the “Playbooks” section under “SETTINGS”. For more information, please refer to the Create a custom policy article.
Event-based custom policies can also be created from the “Audit” reports. For more information, please refer to the Create an event-based custom policy article.