>
    Strata Copilot
    Fine-Tune Policy
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Data Security Administration
    4. Fine-Tune Policy
    Download PDF
    SaaS Security

    Fine-Tune Policy

    Table of Contents

    Fine-Tune Policy

    Learn how to modify your policies on Data Security to suit your unique needs.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • Data Security license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    Fine-tuning policy for a managed app in Data Security provides visibility into the data sharing and collaboration activities of your users. This allows you to flag non-compliant behavior so you can manage user activity, govern application usage, secure corporate data, and prevent data loss due to malicious or inadvertent user actions.
    Data Security includes six predefined data policies that are automatically applied when Data Security scans the assets in the connected applications, but you can edit, delete, or disable rules to better suit your security needs.

    Edit a Policy

    Learn how to edit an existing policy on Data Security.
    When you edit a policy, Data Security scans all content against the newly defined criteria to assess incidents.
    1. Log in to Strata Cloud Manager.
    2. Select ConfigurationSaaS SecurityData SecurityPolicies<Data Asset/User Activity/Security Control> policies.
    3. To edit your policy, do one of the following:
      • Click on the vertical dots menu under Table Actions against your policy and then click Edit.
      • Click on your Policy Name.
    4. Edit the following options as required:
      1. Edit the Policy Name.
      2. Update the Description.
      3. Set the Severity for the policy rule.
      4. Verify the policy rule is Enabled.
      5. For:
        • User Activity Policies: Under Items to Detect select Users or Assets (such as files or folders)
        • Security Control Policies: Under Security Control Criteria, edit the Sanctioned Applications drop-down, Risky Domains, and ADVANCED OPTIONS sections.
      6. Edit the Match Criteria for Data Asset Policy Rules and User Activity rules.
      7. Select what Actions, if any, you want to select for Automatic Incident Remediation Options.
      8. Save your changes.

    Delete a Policy

    Learn how to delete policies on Data Security.
    You can delete a policy on Data Security if you no longer need it, but as a best practice, don't delete a policy until you have reviewed any associated incidents.
    1. Log in to Strata Cloud Manager.
    2. Select ConfigurationSaaS SecurityData SecurityPolicies<Data Asset/User Activity/Security Control> policies.
    3. To delete your policy, click on the vertical dots menu under Table Actions against your policy and then click Delete. A confirmation message is displayed.
      Choose:
      • Delete all associated incidents to delete all incidents associated with the policy permanently.
      • Close all associated incidents to close all incidents associated with the policy. The closed incidents are not deleted but moved to the In the Cloud state.

    Disable a Policy

    Learn how to disable policies on Data Security.
    You can disable a policy on Data Security if you no longer need it, but as a best practice, don't disable a policy until you have reviewed any associated incidents.
    1. Log in to Strata Cloud Manager.
    2. Select ConfigurationSaaS SecurityData SecurityPolicies<Data Asset/User Activity/Security Control> policies.
    3. To disable your policy, do one of the following:
      • Click on the vertical dots menu under Table Actions against your policy and then click Disable.
      • Click on your Policy Name. In the editing page, disable the Status.
      Data Security displays the disabled policy under the Disabled list.

    © 2026 Palo Alto Networks, Inc. All rights reserved.