Adding ATP Policies

Cloud App Security provides two default ATP policies for each protected service.

Policy: Default ATP policy

Description:

  • This policy contains preconfigured settings and you can change them as necessary.

  • This policy applies to all targets in your company.

  • This policy is disabled by default.

  • This policy takes precedence over the default ATP policy in monitor mode.

Policy: Default ATP policy (monitor only)

Description:

  • This policy works in monitor mode to scan email messages or files in your service and record detections in logs, without taking actions. This helps evaluate the Cloud App Security capability with zero impact on mail flow and file sharing.

  • This policy contains preconfigured settings and you can change them as necessary, except for the following:

    • All actions are fixed to Pass and not configurable.

    • The Monitor and log only option in Virtual Analyzer is selected and not configurable.

  • This policy applies to all targets in your company.

  • This policy is disabled by default.

  • For Microsoft Teams, this policy is automatically created every time you provision or re-provision a service account.

  • For the other services, this policy is automatically created only when you provision a service account with a CLP account that has not been used in Cloud App Security.

Perform the following steps to add an ATP policy.

  1. Go to Advanced Threat Protection > Add.
  2. Select the policy to create based on the service.

    You can create policies for the services that have been provisioned.

  3. Configure policy settings.
  4. If you have configured multiple policies for one service, adjust policy priorities as required by dragging a policy and placing it at the desired priority.
    Note:

    Policies are applied in order from the highest priority to the lowest priority. If you enable real-time scanning for more than one policy, only the policy with the highest priority is applied. The default policy always has the lowest priority and is applied if no other policies are matched.