Enable Group-Based Policy

Learn how to enable group-based policy on Data Security.
Group-based visibility on Data Security requires Azure Active Directory integration, which has many benefits, including the ability to create policies that enforce compliance with your corporate use policy based on the groups to which your end users belong. First, however, you must Connect Azure Active Directory to SaaS Security. Group-based policy applies to asset rules only because enforcement requires the file owner’s group as match criteria.
If a group or a user is removed from the AD catalog, Data Security automatically closes the incidents for that group or user. This process normally takes up to 48 hours; in some cases, when you have millions of incidents, Data Security requires multiple days to close the incidents.
  1. As you configure the rule:
    1. Select File Owner’s Group as match criteria.
    2. Use the Equals or Does not Equal operator to select the AD group and Add another to match on any or all selected groups.
    You can also apply policy when group information is Not Available. This can happen because the asset owner has a username instead of an email address or because the user does not belong to any of the 100 Azure AD groups for which the Data Security service has user-group mapping information.
  2. Save the new rule when you’re done choosing among the other options.
