Get started with app policies (Microsoft)

0
(0)

Policies for app governance are a way to implement proactive and reactive alerts and automatic remediation for your specific needs for app compliance in your organization.

To see your list of current app policies, go to Microsoft 365 Defender > App governance > Policies. This will show you a list of all the policies you have created in app governance and in Microsoft Defender for Cloud Apps. In built threat detection policies will not show up here, but you can read more about these here

The app governance policies summary page in the Microsoft 365 Defender.

What’s available on the app policies dashboard

You can see the number of active, inactive, and audit mode policies, and the following information for each policy:

  • Policy name
  • Status
    • Active: All policy evaluation and actions are active.
    • Inactive: All policy evaluation and actions are disabled.
    • Audit mode: Policy evaluation is active (alerts will trigger) but policy actions are disabled.
  • Severity: Severity level set on any alerts triggered because of this policy being evaluated as true, which is part of the configuration of the policy.
  • Active alerts: Number of alerts generated by the policy that have an In Progress or New status.
  • Total alerts: Number of both active alerts and resolved alerts for this policy.
  • Last alert: Date of last generated alert due to this policy.
  • Last Modified: Date when this policy was last changed.

The policy list is sorted by Last modified by default. To sort the list by another attribute, select the attribute name.

When you select a policy, you get a detailed policy pane with these additional details:

  • Name
  • Severity: Based on the severity level set when the policy was created
  • Description: A more detailed explanation of the purpose of the policy.
  • Last modified
  • A list of the total and active alerts generated by this policy.

You can edit or delete an app policy by selecting Edit or Delete in the detailed policy pane or by selecting the vertical ellipses of the policy in the policy list.

You can also:

  • Create a new policy. You can start with an app usage policy or a permissions policy.
  • Export the policy list to a comma-separated value (CSV) file. For example, you could open the CVS file in Microsoft Excel and sort the policies by Severity and then Number of Total Alerts.
  • Search the policy list.

Edit an existing policy

  1. In the app governance portal, select the Policies tab.
  2. Select the policy you want to edit. A panel will open on the right side with the details of the existing policy.
  3. Select Edit.
  4. You can’t change the name of the policy once created, but you can change the description and policy severity. Select Next.
  5. Choose whether you want to continue with the existing policy settings or customize them. Select No, I’ll customize the policy to make changes. Select Next.
  6. Choose whether this policy will apply to all apps or to specific apps. Select Choose apps to select which apps to apply the policy to. Select Next.
  7. Choose whether to modify the existing conditions of the policy. If you choose to modify the conditions, select Edit or modify existing conditions for the policy and choose which policy conditions to apply. Otherwise, select Use existing conditions of the policy. Select Next.
  8. Choose whether to disable the app if it triggers the policy conditions. Select Next.
  9. Set the policy status to Audit mode, Active, or Inactive. Select Next.
  10. Review your setting choices for the policy and if everything is the way you want it, select Submit.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

(Visited 8 times, 1 visits today)
Tagged: