Many of the Compliance Policy actions contain Action Rules that include these components:
Action |
Definition |
---|---|
Observe |
Log endpoint activity without further action. Users do not know that they are non-compliant. Non-compliant endpoints show in the Observe state in the Reporting tab. |
Warn |
Alerts the user about non-compliance and automatically does the specified remediation steps. Send a log entry to the administrator. |
Restrict |
Alerts the user about non-compliance and automatically does the specified remediation steps. Send a log entry to the administrator. Changes applicable polices to the restricted state after a pre-defined number of heartbeats (default =5). Before this happens, the user is in the about to be restricted state. On the monitoring tab, the user is shown as pre-restricted. |
The Compliance blade runs the rules. If it finds violations, it runs the steps for remediation and does the Action in the rule.
Some Action Rules are included by default. You can add more rules for your environment.
Basic Workflow for defining additional compliance rules:
Do these steps again to create additional Action rules as necessary.