Creating a Risk Control Rule in Classic View

Configure a secure access rule to control a user or device' sign-in or app access activity based on their risk scores or risks discovered in them.

1. On the Secure Access Rules screen, click the Risk Control tab and then click Create Rule from Template.
2. Select Risk Control from the Template type drop-down list.

   The available templates appear in the list. For more information about the templates, see Secure Access Rule Templates.

3. Click a template name.

   The rule configuration screen appears.

   You can choose another rule template from the Rule template drop-down list. The configuration items vary with the template.

4. Specify a unique name and a description for the rule.

   By default, the rule template name and description are displayed as the rule name and description.

5. Click the toggle next to Status to enable or disable the rule.

   You can also choose to enable or disable a rule on the Secure Access Rules screen after you create the rule.

6. Select all or specific targets, that is, users or device platforms, that the rule applies to.
   Note:

   In this release, only All devices is supported.

7. Select the periods of time that the rule applies to.

   Options include:

   • Always: The rule takes effect all the time once created and enabled.

   • Custom: Customize the time and date when the rule takes effect.

   Note:

   Trend Micro Vision One applies the rule according to the current time zone specified for the Trend Micro Vision One console.

8. Configure the Act when rule factor based on the rule template you chose.

   This determines the criteria on which users or devices hit the rule.

9. Select an action.

   When a user or device matches the rule criteria, Trend Micro Vision One takes configured actions to control the user or device's subsequent sign-in or app access activity. For more information about actions, see Zero Trust Actions.

   Table 1. Actions for User-Targeted Rules

   User Behavior	Action
   Sign-in attempt	Whether to allow the user to sign in to a new application or browser session or continue with a currently active application or browser session Options include: Monitor Sign-In Attempt Disable User Account Force Sign Out Force Password Reset
   Internal app access	Whether to allow the user to access your organization's internal apps configured on the Trend Micro Vision One console Options include: Block Internal App Access Monitor Internal App Access
   Cloud app/URL access	Whether to allow the user to access cloud apps and external URLs on the internet Options include: Block Cloud App/URL Access Monitor Cloud App/URL Access

   Table 2. Actions for Device-Targeted Rules

   Device Behavior	Action
   Isolate Endpoint	Disconnects the target endpoint from the network, except for communication with the managing Trend Micro server product Important: The Zero Trust Secure Access app sends the command to the Response Management app to take the action. Make sure that at least one of the following supported agents is installed on your devices: Trend Micro Vision One, Apex One as a Service, Cloud One - Workload Security. For more information, see Response Actions.
   Internal app access	Allows or blocks use of the device to access your organization's internal apps configured on the Trend Micro Vision One console Options include: Block Internal App Access Monitor Internal App Access Important: Internal app access control in device-targeted rules applies only to devices deployed with the Secure Access Module. Make sure that you have deployed the Module to your devices and configured the Private Access Service in the Zero Trust Secure Access app.

10. Click the toggle next to Revoke actions to determine whether to automatically enable user account or allow app access (if actions Disable User Account and Block Internal App Access are enforced) when certain criteria are matched.

    By default, this option is enabled.

11. Click Save.

    The rule is successfully created and listed on the Secure Access Rules screen.