Getting Started
  • Getting Started
  • SaaS Security Documentation
  • All Documentation
>
Define Your Internal Domains
Focus
Download PDF
Focus
  1. Home
  2. SaaS Security
  3. Get Started with Data Security
  4. Configure Settings on Data Security
  5. Define Your Internal Domains
Download PDF
SaaS Security

Define Your Internal Domains

Table of Contents

Define Your Internal Domains

Add internal domains to Data Security to determine if an asset is being shared externally with an untrusted user.
One of the first things you need to do is to define your internal domains. Data Security uses the list of internal domains you define to determine if the Collaborators on an asset are internal to your company, or if the asset shared with external users. Data Security determines this by matching the domain name in a collaborator’s email address against the list of internal domains defined. Depending on your policy rules, Data Security identifies an asset as an incident if shared with external users.
A trusted collaborator overrides untrusted domains. Similarly, an untrusted collaborator overrides a trusted domain. For example, you might determine that there is no business reason to trust a file modification from fax_service@mycompany.com.
Because Data Security uses the internal domains list to determine the Exposure Level of an asset during the scan process, you must define your internal domains list before you begin scanning your cloud apps. Additionally, you can build in flexibility when you define your internal domains:
  • Wildcard matching—Use of wildcard (*.<domain>) is supported.
  • Subdomains—You don't need to explicitly list subdomains; instead, use a wildcard (*.<domain>).
When you modify the internal domains list, consider that you might need to update the exposure, depending on the discovery state for a given asset:
Asset
Rescan required to update exposure?
Existing, discovered assets
Yes. Rescan to enable Data Security to recalculate exposure.
Future, undiscovered assets
No. Data Security automatically recalculates the exposure.
The Internal Domains list applies to all cloud apps on Data Security so you must be an administrator with a Super User role or an Admin role with access to All Apps to modify this setting.
  1. To add your internal domains, select SettingsManage DomainsInternal DomainsEdit.
  2. Enter a comma-separated list of your Internal Domains.
    The internal domain you add here is displayed in the All Domains section only where there is an asset associated with the domain.
  3. To define any of the domains listed under the All Domains section as Trusted or Not Trusted, use the Actions menu against that domain.
  4. Save your changes.

Technical Documentation

Company

Legal Notices

© 2025 Palo Alto Networks, Inc. All rights reserved.