Edit a policy
If you are an ETP super administrator, delegated administrator, or tenant administrator, you can modify the settings associated with a policy. If you are a delegated or tenant administrator, you can modify the policy you created or the policies that you are allowed to access.
Note: A tenant administrator cannot enable the ETP proxy and complete any step related to the proxy.
In the navigation menu, select
.Note: If you are trying the new Enterprise Center interface, in the navigation menu, select .
- Click the name of the policy that you want to edit.
- Edit or enter a new name or description for the policy in the Name or Description fields.
To modify the locations that are assigned to the policy:
- Click the link icon for Location Assignments.
- To assign a location, find and select the location. You can also enter the location name in the search field.
- To unassign a location, deselect a location.
- Click Associate.
Click the Settings tab and
complete the following fields:
- Enable Proxy. Toggle on to the enable the ETP Proxy.
- Proxy Authorization. Toggle on to require that ETP Proxy authorizes connections from the on-premises proxy. To use this setting, you must configure proxy credentials in ETP and in the on-premises proxy. For more information, see Proxy authorization.
- Origin Ports. If you want to allow outbound traffic on a new origin port, enter the port number or port range. Separate each port number or range with a comma. By default, the full web proxy allows outbound traffic to ports 80 to 84, 443, 4443, 8080, 8443, and 8888.
- Trust XFF Header. Toggle on if you are configuring proxy chaining or the full web proxy. Your organization must be licensed for ETP Advanced Threat.
- Proxy Logging Mode. To change the ETP Proxy logging mode, select a different level. The default Level 1 ensures that detailed data is logged, such as response or request headers in HTTP or HTTPS threat events. For more information, see Proxy logging mode.
- Bypass Microsoft 365 Traffic. Toggle on to bypass traffic to Microsoft 365 apps and services.
- Block Incompatible Domains. Toggle on to block domains that are not compatible with TLS encryption. Otherwise, the ETP Proxy is bypassed for these domains.
- Risky Domains. Select Classify to apply the policy action of a threat category to risky domains that ETP Proxy detects as threats (for example, malware, phishing, or C&C threats). Otherwise, select Allow to permit traffic to risky domains without analysis.
- File Sharing . Select Classify if you want to apply the policy action of a threat category to file sharing domains that ETP Proxy detected are threats (for example, malware, phishing, or C&C threats). Otherwise, select Allow to permit traffic to file sharing domains. Note: This field is not available if you block the File Sharing AUP category.
- Invalid Certificate Response. Select Block - Error Page to block a request if the ETP Proxy cannot verify a website's origin certificate. Otherwise, select Bypass to bypass ETP Proxy.
- Enable Inline Payload Analysis. Toggle on if ETP Proxy is enabled and your organization is licensed for Advanced Threat.
- Block Unscannable Files. Toggle on if you want to block files that cannot be scanned with ETP Proxy as part of inline payload analysis.
- Block On Upload Scan Timeout. Toggle on if you want to block requests that cause scanning to take longer than expected. Note: This setting applies to DLP and File Type blocking.
Risky Files Handling
- by file size. If your organization is enabled for
- For downloads that range from 5 MB to 2 GB in size, select Allow or Allow and Scan. Otherwise, select Block - Error Page. For more information, see Static malware analysis of large files.
- If you select Allow and Scan, the Dynamic Analysis toggle is available. To enable dynamic analysis, toggle this setting to on. For more information, see Dynamic malware analysis.
- For files that are greater than 2 GB (huge files), select an action. You can select Block - Error Page or Allow. For more information, see Payload analysis.
- Safe Search. Toggle on to block explicit results from Google and Bing searches.
- YouTube. Select Strict or Moderate to enable YouTube Restricted Mode. Otherwise, select Unrestricted to allow unrestricted access to YouTube content.
- Forward Public IP to Origin. Toggle on to forward the user’s public IP address to authoritative DNS servers and web servers. This setting identifies the geolocation of clients. Make sure you also enable this setting if you enabled the Optimize Microsoft 365 Traffic option.
- Authentication Mode. Select Require to require authentication, Optional to give users the option to skip authentication, or None. This mode defines whether users are prompted to authenticate when accessing allowed websites in an Acceptable Use Policy (AUP).
- Identity Provider. Select an identity provider if you selected Require or Optional in the previous field.
- Overwrite Device Proxy Settings. Select Yes or Only if there’s no local proxy if you want to enable ETP Client as a proxy on the client computer or device. Otherwise, select No.
To change the policy action that’s
associated with a threat category or custom list that you want to modify, in the Threat or
Custom Lists tab:
Note: On the Threat tab, you can also select a predefined security template. For more information, see Security templates.
- Navigate to the threat category or custom list that you want to configure with a new action. Click the Action menu for known or suspected domains or IP addresses.
- If applicable, select a new response and Security Connector.
- If you want the policy to block or monitor the download of specific file types, click the Access Control tab and the File Types subtab. Then follow the instructions described in Access by file type.
- To add a list to the policy, see Add a Block list to a policy or Add an Exception list to a policy.
- To configure custom headers, see Add a custom header.
If your organization is participating in
the data loss prevention (DLP) beta and you want to associate a DLP dictionary, complete
- Go to the Access Control tab.
- In the DLP tab, click the link icon and select a dictionary or multiple dictionaries.
- Click Associate. By default, DLP dictionaries are assigned the Monitor action.
To assign the Block - Error Page
action, select it from the Action menu.
Note: You must have enabled ETP Proxy and inline payload analysis to complete this step. This feature is in beta and available to organizations that are licensed for ETP Advanced Threat.
- To remove a dictionary, click the delete icon.
- To modify alert settings click the Access Control tab and toggle the Send Alert option to enable or disable alerts.
- If your organization is participating in the application visibility and control (AVC) beta, see Configure application visibility and control. Otherwise, see Configure an Acceptable Use Policy to configure an acceptable use policy (AUP).
- Click Save.
After you edit a policy, you must deploy the configuration changes to the ETP network. For instructions see Deploy configuration changes.