Edit a policy

If you are an Enterprise Threat Protector (ETP) super administrator, delegated administrator, or tenant administrator, you can modify the settings associated with a policy. If you are a delegated or tenant administrator, you can modify the policy you created or the policies that you are allowed to access.
Note: A tenant administrator cannot enable the ETP proxy and complete any step related to the proxy.

How to

  1. In the navigation menu, select Configuration > Policies.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Policies > Policies.
  2. Click the name of the policy that you want to edit.
  3. Edit or enter a new name or description for the policy in the Name or Description fields.
  4. To modify the locations that are assigned to the policy:
    1. Click the link icon for Location Assignments.
    2. To assign a location, find and select the location. You can also enter the location name in the search field.
    3. To unassign a location, deselect a location.
    4. Click Associate.
  5. To modify the proxy settings, click Settings and complete these steps:
    1. To enable ETP Proxy, toggle Enable Proxy to on.
    2. To require that ETP Proxy authorizes connections from the on-premises proxy, enable Proxy Authorization. To use this setting, you must configure proxy credentials in ETP and in the on-premises proxy. For more information, see Proxy authorization.
    3. If you want to allow outbound traffic on a new origin port for the full web proxy, in the Origin Ports field, enter the port number or port range. Separate each port number or range with a comma.
    4. If you are configuring proxy chaining or the full web proxy, enable Trust XFF Header. Your organization must be licensed for ETP Advanced Threat.
      Note: The proxy chaining feature is currently in beta. To participate in the beta, contact your Akamai representative.
    5. To optimize access to Microsoft 365 apps and services, enable Optimize Microsoft 365 Traffic.
    6. If you enabled the ETP Proxy and you want to change the logging mode, select a new logging mode.
    7. If you want to assign risky domains the same action that’s assigned to a threat category, select Classify in the Risky Domains menu. If you want to allow traffic to risky domains, select Allow.
    8. If you want to assign file sharing domains the same action that’s assigned to a threat category, select Classify in the File Sharing menu. If you want to allow traffic to file sharing domains, select Allow.
    9. To select how requests are handled when ETP Proxy cannot validate a website’s origin certificate, in the Invalid Certificate Response menu, select Block - Error Page to block the request. Otherwise, you can select Bypass to bypass ETP Proxy.
    10. To select a default action for unclassified traffic and for AUP categories that have no action assigned, go to the Default Action menu and do one of the following:
      • If you want traffic to bypass ETP Proxy, select Bypass. If you are licensed for ETP Advanced Threat, this option enables the selective proxy.
      • If you want to classify traffic that is not yet classified by ETP, select Classify. If you are licensed for ETP Advanced Threat, this option enables the full web proxy.
      • If you want to block traffic, select Block - Error Page.
  6. If you want to enable ETP Client as a proxy on the client computer, in the Enable ETP Client as Proxy menu, select Yes or Only if there’s no local proxy. Otherwise, you can select No.
  7. To modify payload analysis settings, complete these steps:
    1. To enable inline payload analysis, in the Payload Analysis area, toggle Enable Inline Payload Analysis to on.
      Note: Inline payload analysis is available to organizations that are licensed for ETP Advanced Threat.
    2. If you are enabled for Advanced Sandbox and you want to change the action associated with large or huge files, select new settings. To enable Dynamic Analysis, make sure the toggle is turned on. For more information, see Payload analysis.
  8. To modify browsing restrictions, complete these steps:
    1. To enable SafeSearch, toggle Safe Search to on.
    2. To enable YouTube Restricted Mode, in the YouTube menu, select Strict or Moderate. Otherwise, you can select Unrestricted mode to allow unrestricted access to YouTube content.
  9. To modify other settings, including authentication settings, complete these steps:
    1. Make sure the option Forward Public IP to Origin is enabled. This setting forwards the user’s public IP address to authoritative DNS servers and web servers, and it identifies the geolocation of clients. If you enabled the Optimize Microsoft 365 Traffic option, make sure you also enable this setting.
    2. To change authentication settings, select a new mode from the Authentication Mode menu. If you select Require or Optional, you must select an identity provider.
  10. To change the policy action that’s associated with a threat category or custom list that you want to modify, in the Threat or Custom Lists tab:
    1. Navigate to the threat category or custom list that you want to configure with a new action. Click the Action menu for known or suspected domains or IP addresses.
    2. If applicable, select a new response and Security Connector.
    Note: On the Threat tab, you can also select a predefined security template. For more information, see Security templates.
  11. To add a list to the policy, see Add a list to a policy.
  12. If you are participating in the data loss prevention (DLP) beta and you want to associate a DLP dictionary, complete these steps:
    1. In the DLP tab, click the link icon and select a dictionary or multiple dictionaries.
    2. Click Associate. By default, DLP dictionaries are assigned the Monitor action.
    3. To assign the Block - Error Page action, select it from the Action menu.
      Note: You must have enabled ETP Proxy and inline payload analysis to complete this step. This feature is in beta and available to organizations that are licensed for ETP Advanced Threat.
    4. To remove a dictionary, click the delete icon.
  13. To modify alert settings, toggle the Send Alert option to enable or disable alerts.
  14. To modify the Acceptable Use Policy (AUP):
    1. In the Acceptable Use Policy tab, click the arrow icon to expand categories that contain subcategories.
    2. To allow content for any AUP category or subcategory, make sure that the Block option is deselected.
    3. To block content in any of the provided categories or subcategories, select Block. If ETP Proxy is not enabled, do one of the following to select the response to the user:
      • To show an end user a custom error page, select Error Page.
      • To show an end user a browser-specific error page and direct traffic to a custom response that’s already configured in ETP, select the custom response from the list. To configure a custom response, see Add a custom response.
    4. If you enabled authentication and you want to grant specific users or groups access to a blocked category or subcategory, see Grant specific users or groups access to an AUP category or subcategory.
    5. If you want a category to bypass ETP and ETP Proxy, select the bypass action. This action is useful when you want to protect user privacy in categories that are associated with sensitive information, such as the Finance & Investing and the Healthcare categories.
  15. Click Save.

Next steps

After you edit a policy, you must deploy the configuration changes to the ETP network. For instructions see Deploy configuration changes.