Data Security provides predefined policies that are automatically applied after you add a cloud app and Data Security scans the assets on that cloud app, if predefined policies are Enabled. By default, policies are Disabled. Predefined policies help you identify security threats without the need to create a policy from scratch.

The immediate results from predefined polices help you identify what sensitive content you have and evaluate and understand how those policies are working on that content. Later, you can modify—to change the underlying predefined profile—clone, disable, or delete these policies; however, if you want to modify the predefined policy, the SaaS Security team recommends that you clone the predefined policy so that you can retain the original predefined policy, then fine-tune the new policy to meet your unique needs.

Predefined policies discover commonly known sensitive content and are based on strong security practices; when applicable, the data patterns that underlie these predefined policies are based on predefined profiles of the same name. The same predefined policies are available whether or not you have SaaS Security with Enterprise DLP Add–on, although the availability of predefined profiles differs.

All predefined policies use Basic criteria matching: a policy can be configured to add individual match criteria using a dropdown list and an interactive UI (Basic) or a query search (Advanced).