Creating a Private Access Control Rule

Configure a private access control rule to control access to your organization's internal apps based on user, device, time, and location.

Note:

Trend Micro Vision One automatically creates a default private access rule that applies whenever no other private access rule is matched. The default rule blocks all access to configured internal apps.

  1. On the Secure Access Rules screen, click the Private Access Control tab and then click Create Rule.

    The rule configuration screen appears with the Internal app access rule template selected.

  2. Specify a unique name and a description for the rule.
  3. (Optional) To enable or disable the rule, click the toggle next to Status.
    Tip:

    You can also enable or disable rules on the Secure Access Rules tab.

  4. Configure the following rule factors.

    Rule Factor

    Description

    Options

    Source

    The users, devices, and locations that the rule applies to

    User/user groups

    Specify users and groups from your IAM system.

    Note:

    If you have configured more than one IAM system, the IAM system with SSO enabled applies.

    Devices

    Select the devices to which the rule applies based on the devices' security posture profiles.

    Note:

    This option does not apply to browser access enabled applications. End users can launch their allowed browser access enabled applications from the user portal regardless of the security posture of the devices they are using.

    To add a device posture profile, click Create device posture profile. For more information, see Adding a Device Posture Profile.

    Locations

    Specify public/home network locations defined by IP address groups or geographic regions.

    • Locations identify roaming users, such as users connecting to public Wi-Fi networks or working from home.

      Tip:

      To define a new public/home network location using one or more IP addresses, click Add public IP address group.

    Destination

    The internal apps that the rule applies to

    Applications

    Specify previously configured internal applications.

    Tip:

    To add an internal app, click Add Internal Application on the Select Apps screen. For more information, see Adding an Internal Application to Private Access.

    Schedule

    The weekly period during which the rule is applied

    To configure the recurrence of the schedule, select Only apply the rule during the specified period, and then select a start date and end date.

    Note:

    The schedule uses the defined time zone of the console.

    Action

    The action taken when the rule is triggered

    Access control

    Allow, block, or monitor access to internal applications.

    Note:

    Select Monitor Internal App Access to allow the access but log the activity.

    For more information about actions, see Zero Trust Actions.

  5. Click Save.

    The rule is successfully created and listed on the Private Access Control screen.
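
A review check for a finished rule set, given as an added example that is not part of the original documentation or the product: it flags allow or monitor rules whose device posture profile has no effect because the target is a browser access enabled application, and lists apps left to the default block rule. The `App` and `Rule` classes, their fields, and the sample names are a hypothetical model, not a Trend Micro Vision One export format or API.

```python
from dataclasses import dataclass, field

# Hypothetical model of the rule factors in step 4. This is not a
# Trend Micro Vision One export format or API.
@dataclass
class App:
    name: str
    browser_access: bool = False  # browser access enabled application

@dataclass
class Rule:
    name: str
    action: str  # "allow", "block" or "monitor"
    apps: list
    posture_profiles: set = field(default_factory=set)  # empty: any device
    enabled: bool = True

def posture_gaps(rules, apps):
    """(rule, app) pairs where an allow/monitor rule names a device posture
    profile but the app is browser access enabled, so the Devices option
    does not apply to it."""
    browser_apps = {a.name for a in apps if a.browser_access}
    return [(r.name, n) for r in rules
            if r.enabled and r.action in ("allow", "monitor") and r.posture_profiles
            for n in r.apps if n in browser_apps]

def default_blocked(rules, apps):
    """Apps that no enabled rule names; only the default rule can apply to
    them, and it blocks (assumes disabled rules are never matched)."""
    covered = {n for r in rules if r.enabled for n in r.apps}
    return sorted(a.name for a in apps if a.name not in covered)

# Constructed sample data.
APPS = [App("wiki", browser_access=True), App("ssh-bastion"), App("payroll")]
RULES = [
    Rule("eng-managed", "allow", ["wiki", "ssh-bastion"], {"managed-laptop"}),
    Rule("audit-wiki", "monitor", ["wiki"], {"managed-laptop"}),
    Rule("old-payroll", "allow", ["payroll"], enabled=False),
]

if __name__ == "__main__":
    for rule, app in posture_gaps(RULES, APPS):
        print(f"{rule}: posture profile not enforced for browser app {app}")
    print("default-blocked apps:", default_blocked(RULES, APPS))
```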