>
    View Misconfigured Settings Detected by SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Assess Posture Security
    4. View Misconfigured Settings Detected by SSPM
    Download PDF
    SaaS Security

    View Misconfigured Settings Detected by SSPM

    Table of Contents

    View Misconfigured Settings Detected by SSPM

    You can view misconfigured settings through built-in SaaS Security Posture Management rules, or through policies that you define.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Strata Cloud Manager)
    • SaaS Security Posture Management license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    SSPM updated its terminology related to policies in July 2024. Previously, the term policy referred to a built-in recommendation for securing SaaS apps. Each policy was a grouping of similar settings, related to the recommendation, across all apps. What was previously called a policy in SSPM is now called a rule. The purpose and behavior of rules are the same as when they were called policies; only the name has changed.
    The term policy now refers to an administrator-defined grouping of SaaS app instance settings for SSPM to monitor.
    From the Security Configurations view in SaaS Security Posture Management, you can quickly identify misconfigured settings in your SaaS apps. You can then navigate to details about a misconfigured setting to remediate the problem.
    SSPM has built-in rules for alerting you to misconfigured settings across all SaaS apps that were onboarded to SSPM. You can also define policies, which alert you to misconfigured settings for a group of app instances and settings that you specify.
    Rules — Rules are predefined groupings of similar settings across SaaS apps. Each rule describes a security best practice. For each SaaS app that SSPM supports, SSPM maps the SaaS app's settings to the related SSPM rules.
    For example, SSPM defines a rule that recommends that MFA is implemented to prevent attackers from using stolen credentials to access sensitive SaaS apps. For Dropbox, the setting Two-step verification maps to this rule. For Office 365, the settings that map to this rule include Enable policy to block legacy authentication, Require MFA for all users, and Require MFA for administrative roles. When SSPM detects that an app setting is misconfigured, it triggers a violation for the setting. On the Security Configurations view, SSPM changes the associated rule's status to Failed. A daily digest email that SSPM sends to the app owner also includes information about failed rules.
    Policies — Like rules, policies are associated with SaaS app settings. The difference is that policies are not predefined by SSPM. Instead, you create policies to monitor specific settings for specific app instances. This capability helps you to concentrate your attention on the apps and settings that are most critical to your organization. When SSPM detects a new violation status for any of the settings that the policy is tracking, SSPM changes the policy's status to Failed. A daily digest email that SSPM sends to the app owner also includes information about failed policies.
    For example, for the subset of apps that are most critical to your organization, enforcing multi-factor authentication (MFA) and limiting session length might be of primary importance to you. In this case, you could create a policy that monitors only these critical apps and only the settings related to MFA and session duration. If SSPM detects a new violation in these settings, SSPM updates the policy status on the Security Configurations page. In this way, SSPM helps you track the status of your most critical apps to maintain a healthy security posture.
    1. Log in to Strata Cloud Manager.
    2. Select ManageConfigurationSaaS SecurityPosture SecuritySecurity Configurations.
    3. Select the tabs to view either the predefined Rules or the administrator-defined Policies.
    4. In the table, locate rules or policies that have a Failed status.
    5. Investigate the Failed status.
      • To investigate a failed rule:
        1. Click the Rule Name to view the app settings that SSPM monitors for the rule or policy.
        2. In the list of settings, locate the ones that have a violation. Click the setting name to view details about the violation, including the current value of the settings and the recommended value. Follow the remediation instructions, or, if automated remediation is available for the app, have SSPM Remediate the setting.
      • To investigate a failed policy:
        1. For the failed policy, identify the apps that are being monitored by the policy. This information is shown in the Applications column of the table.
        2. Navigate to the Applications page (Posture SecurityApplications).
        3. Locate the apps that are being monitored by the policy, and View Details.
        4. In the list of settings, locate the ones that have a violation. Click the setting name to view details about the violation, including the current value of the settings and the recommended value. Follow the remediation instructions, or, if automated remediation is available for the app, have SSPM Remediate the setting.

    © 2025 Palo Alto Networks, Inc. All rights reserved.