: Enable Group-Based Policy
Focus
Focus

Enable Group-Based Policy

Table of Contents

Enable Group-Based Policy

Learn how to enable group-based policy on Data Security.
The steps to enable group-based policies are the same for both new customers integrating CIE with Data Security and legacy customers integrating Azure Active Directory with Data Security.
  1. Create a new data asset policy.
    As you configure the policy:
    1. Select File Owner’s Group as match criteria.
    2. Use the Equals or Does not Equal operator to select the AD group and Choose a group to match on any or all selected groups.
    You can also apply policy when group information is Not Available. This can happen because the asset owner has a user name instead of an email address or because the user does not belong to any of the 100 Azure AD groups for which the Data Security service has user-group mapping information.
  2. Create the new policy when you’re done choosing among the other options.
    If a group or a user is removed from the AD catalog, Data Security automatically closes the incidents for that group or user. This process normally takes up to 48 hours; in some cases, when you have millions of incidents, Data Security requires multiple days to close the incidents.