Adding Advanced Threat Protection Policies

Cloud App Security provides two default ATP policies for each protected application or service.

Policy: Default ATP policy

Description:

  • This policy contains preconfigured settings and you can change them as necessary.

  • This policy applies to all targets in your company.

  • This policy is disabled by default.

  • This policy has the lowest priority.

Policy: Default ATP policy (monitor only)

Description:

  • This policy works in monitor mode to scan email messages or files in your application or service and record detections in logs, without taking actions. This helps you evaluate the Cloud App Security capability with zero impact on mail flow and file sharing.

  • This policy contains preconfigured settings and you can change them as necessary, except for the following:

    • All actions are fixed to Pass and not configurable.

    • The Monitor and log only option in Virtual Analyzer is selected and not configurable.

  • This policy applies to all targets in your company.

  • This policy is disabled by default.

  • This policy takes precedence over the non-monitor default ATP policy. It has the second-to-last priority.

Perform the following steps to add an ATP policy.

  1. Go to Advanced Threat Protection.
  2. From the Current organization drop-down list, select the organization for which you need to create policies, and click Add.
  3. Select the policy to create based on the application or service.

    You can create policies for the applications and services that have been provisioned.

  4. Configure policy settings.
  5. If you have configured multiple policies for one application or service, adjust policy priorities as required by dragging a policy and placing it at the desired priority.
    Note: Policies are applied in order from the highest priority to the lowest priority. If you enable real-time scanning for more than one policy, only the policy with the highest priority is applied. The default policy always has the lowest priority and is applied if no other policy matches.
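The priority rule in the note above can be checked offline before enabling policies. The following is an added example, not Cloud App Security code: it models first-match evaluation and flags targets whose winning policy is monitor-only while an enforcing policy sits below it. The class, function names and mailbox addresses are constructed, and it assumes a policy "matches" when it is enabled and the target is in its scope.

```python
from dataclasses import dataclass, replace

ALL = "*"  # constructed marker for "applies to all targets in your company"

@dataclass(frozen=True)
class Policy:
    name: str
    targets: frozenset          # target names, or {ALL}
    enabled: bool
    monitor_only: bool = False  # all actions fixed to Pass

    def covers(self, target):
        return ALL in self.targets or target in self.targets

def effective_policy(ordered, target):
    """First enabled policy covering target; `ordered` is highest priority first."""
    for policy in ordered:
        if policy.enabled and policy.covers(target):  # assumed meaning of "matched"
            return policy
    return None

def monitor_only_shadowing(ordered, targets):
    """Targets whose winning policy only logs while an enforcing policy sits below it."""
    findings = []
    for target in targets:
        winner = effective_policy(ordered, target)
        if winner is None or not winner.monitor_only:
            continue
        hidden = [p.name for p in ordered
                  if p.enabled and not p.monitor_only and p.covers(target)]
        if hidden:
            findings.append((target, winner.name, hidden))
    return findings

# Constructed sample: one custom policy plus both defaults, all enabled.
POLICIES = [
    Policy("Finance ATP (custom)", frozenset({"finance@example.com"}), True),
    Policy("Default ATP policy (monitor only)", frozenset({ALL}), True, True),
    Policy("Default ATP policy", frozenset({ALL}), True),
]
TARGETS = ["finance@example.com", "hr@example.com"]

if __name__ == "__main__":
    for t in TARGETS:
        print(t, "->", effective_policy(POLICIES, t).name)
    for target, winner, hidden in monitor_only_shadowing(POLICIES, TARGETS):
        print(f"{target}: '{winner}' logs only; never reached: {hidden}")
```

In this model, enabling both defaults leaves every target not covered by a custom policy in log-only mode, because the monitor-only default outranks the default ATP policy.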