Configure default policy violation actions
You can set a default violation action – either Deny or Allow & Log. The action that occurs depends on whether a match is found with an existing policy.
-
If a policy match is not found, CASB applies the default violation action using a policy called TenantDefaultAction. For example, if the default violation action is set to Deny, and no policy match is found, CASB applies a Deny action.
-
If a policy match is found, CASB applies the action from that policy, regardless of which default violation action is set. For example, if the default violation action is set to Deny, and CASB finds a matched policy with an action of Allow & Log for a specific user, CASB applies the Allow & Log action for that user.
To set a default policy violation action:
-
Go to Administration > System Settings > Advanced Configuration and click the Proxy Settings tab.
-
From the Default Violation Action dropdown list, select either Deny or Allow & Log, and click Save.