6 posts tagged with "Policies"

Three new AI-related security checks are now available in your policies:

• Secrets in environment — Detect and prevent exposed secrets in environment variables or runtime context to reduce credential leakage risk.
• Autonomous agents — Detect autonomous agents and require approved controls before allowing access.
• Unguarded elevation — Detect and prevent unguarded privilege elevation that can lead to unauthorized high-privilege actions.

Each check can be configured with warning and blocking actions, just like all other policy checks.

Configure your policies

Policies now support compliance goals, giving you granular control over how and when devices are warned or blocked.

For each security check, you can now configure three separate actions:

• Set your compliance goal — Define the time period in which devices should become compliant (e.g., 30, 60, or 90 days). This goal is only visible to administrators.
• Warn users — Choose when users are informed about a risk: before the compliance goal or on the due date.
• Block a device — Determine when non-compliant devices are blocked from access: before the compliance goal or on the due date.

For version-based checks (OS, browser, reboot), the device detail page now shows timeline badges with the configured goal, warning, and blocking thresholds in days, so you can see at a glance how close a device is to each deadline.

Configure your policies

You can use the policies filter now on the top right of your dashboard. This will show you your statistics based on the policy you have selected.

Get started in the XFA Dashboard.

You can create and manage device security policies to enforce specific security rules for your organization’s devices.

You have the flexibility to customize these rules and add Enforcement integrations to ensure that devices comply with your organization’s security standards.

Get started in the XFA Dashboard and create your own policy.

It's now possible to exclude a specific device type (mobile or desktop devices) from device verification. You can find this setting in the application policy.

This might be useful when you want to slowly onboard your devices or want to add XFA for a limited usecase to cover a blind spot.

To scope your policies to specific (groups of) users, you can now use an email whitelist to specify email or domain for users that should be included. Useful during during your first onboarding when you want to try out XFA with a small set of people!

Note: leaving the field empty will apply the policy to all users (which is the default).