Creating a Private Access Control Rule

Configure a secure access rule to control access to your organization's internal apps by user, device, time, and location.

Define your enterprise applications and create private access control rules that allow or block access to these apps in line with the security needs and policies of your organization.

Trend Micro Vision One provides a default rule for private access control. The default rule is not editable and always has the lowest priority among all private access control rules. It is applied when no other rule matches, and it is set to not allow any access to any configured internal app.

  1. On the Secure Access Rules screen, click the Private Access Control tab and then click Create Rule.

    The rule configuration screen appears.

  2. Specify a unique name and a description for the rule.

    By default, the rule template name and description are displayed as the rule name and description.

  3. Click the toggle next to Status to enable or disable the rule.

    You can also choose to enable or disable a rule on the Secure Access Rules screen after you create the rule.

  4. Configure the following Apply to rule factors.

    Rule Factor

    Description

    App

    Select the internal apps that the rule applies to. Options include:

    • All apps: All the internal apps that have been added on the Internal Applications screen

    • Client access enabled apps: A subset of added internal apps that are enabled with client access.

    • Browser access enabled apps: A subset of added internal apps that are enabled with browser access.

    To add an internal app, click Add Internal Application on the Select Apps screen. For more information, see Adding an Internal Application.

    User

    Select the users that the rule applies to. Options include:

    • All users: All the users from your IAM system

    • Selected users / groups: A subset of users from your IAM system

    Device

    Select the devices to which the rule applies based on the devices' security posture profiles.

    Note:

    This option does not apply to browser access enabled applications. This means that end users can launch their allowed browser access enabled applications from the user portal, regardless of the security posture of the devices they are using.

    To add a device posture profile, click Create device posture profile. For more information, see Adding a Device Posture Profile.

    Time

    Select the periods of time that the rule applies to. Options include:

    • Always: The rule takes effect all the time once created and enabled

    • Custom: Customize the time and date when the rule takes effect

    Note:

    Trend Micro Vision One applies the rule according to the current time zone specified for the Trend Micro Vision One console.

    Location

    Select the geographic locations that the rule applies to.

  5. Select an action.
    • Block Internal App Access

    • Monitor Internal App Access

    • Allow Internal App Access

    For more information about actions, see Zero Trust Actions.

  6. Click Save.

    The rule is successfully created and listed on the Private Access Control screen.
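
The following Python model is an added example for reviewing a rule set before saving it. It is not Trend Micro code and does not call any Vision One API. It assumes that all configured factors of a rule must match, that the first matching rule in priority order wins, and that the Device factor is ignored for browser access; all class, field, and rule names are hypothetical and the sample policy is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, time
from typing import Optional

@dataclass
class Rule:                       # None on a factor means "all" / "always"
    name: str
    action: str                   # "block", "monitor" or "allow"
    apps: Optional[set] = None
    groups: Optional[set] = None
    postures: Optional[set] = None
    hours: Optional[tuple] = None  # (start, end) in the console time zone
    locations: Optional[set] = None
    enabled: bool = True

@dataclass
class Request:
    app: str
    access: str                   # "client" or "browser"
    groups: set
    posture: str
    when: datetime
    location: str

DEFAULT = Rule("Default rule", "block")  # lowest priority, matches everything

def matches(rule: Rule, req: Request) -> bool:
    checks = [
        rule.enabled,
        rule.apps is None or req.app in rule.apps,
        rule.groups is None or bool(rule.groups & req.groups),
        # Device factor does not apply to browser access enabled apps.
        req.access == "browser" or rule.postures is None or req.posture in rule.postures,
        rule.hours is None or rule.hours[0] <= req.when.time() < rule.hours[1],
        rule.locations is None or req.location in rule.locations,
    ]
    return all(checks)

def evaluate(rules: list, req: Request) -> tuple:
    """First match in priority order wins; the default rule is always last."""
    return next((r.name, r.action) for r in [*rules, DEFAULT] if matches(r, req))

# Constructed sample policy: one allow rule above the built-in default.
RULES = [Rule("finance-office-hours", "allow", apps={"finance-portal"},
              groups={"finance"}, postures={"compliant"},
              hours=(time(8), time(18)), locations={"DE"})]

def sample(access: str, posture: str, hour: int) -> tuple:
    req = Request("finance-portal", access, {"finance"}, posture,
                  datetime(2024, 3, 4, hour), "DE")
    return evaluate(RULES, req)
```

Calling `sample("browser", "unmanaged", 10)` returns the allow rule even though the posture does not match, which is the gap described in the Device note: a rule that relies on device posture does not constrain browser access to the same app.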