Learn how to enable group-based policy on Data Security.
Where Can I Use This?
NGFW (Managed by Strata Cloud Manager)
Prisma Access (Managed by Strata Cloud Manager)
What Do I Need?
Data Security license
Or any of the following licenses that include the Data Security license:
CASB-X
CASB-PA
The steps to enable group-based policies are the same for
both new customers integrating CIE with Data Security and
legacy customers integrating Azure Active Directory with Data Security.
Use the Equals or Does not Equal operator to select the AD group and
Choose a group to match on any or all selected groups.
You can also apply policy when group information is Not Available.
This can happen because the asset owner has a user name instead of an
email address or because the user does not belong to any of the 100 Azure AD
groups for which the Data Security service has user-group mapping information.
Create the new policy when you’re done choosing among
the other options.
If a group or a user is removed from the AD catalog,
Data Security automatically closes the incidents for that group
or user. This process normally takes up to 48 hours; in some cases, when you
have millions of incidents, Data Security requires multiple days to
close the incidents.