You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-for-cloud-apps/policy-template-reference.md
+3-7Lines changed: 3 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,9 +1,10 @@
1
1
---
2
2
title: Microsoft Defender for Cloud Apps policy templates
3
3
description: This article provides information on policy templates included in Microsoft Defender for Cloud Apps.
4
-
ms.date: 01/29/2023
4
+
ms.date: 11/16/2025
5
5
ms.topic: how-to
6
-
ms.reviewer: Ronen-Refaeli
6
+
ms.reviewer: MayaAbelson
7
+
7
8
---
8
9
9
10
# Defender for Cloud Apps policy templates
@@ -13,7 +14,6 @@ We recommend that you simplify policy creation by starting with existing templat
13
14
For the full list of templates, check the Microsoft Defender Portal.
14
15
15
16
16
-
17
17
## Policy template highlights
18
18
19
19
|Risk category|Template name|Description|
@@ -33,10 +33,6 @@ For the full list of templates, check the Microsoft Defender Portal.
33
33
|Cloud discovery|New risky app|Alert when new apps are discovered with risk score lower than 6 and that are used by more than 50 users with a total daily use of more than 50 MB.|
34
34
|Cloud discovery|New sales app|Alert when new sales apps are discovered that are used by more than 50 users with a total daily use of more than 50 MB.|
35
35
|Cloud discovery|New vendor management system apps|Alert when new vendor management system apps are discovered that are used by more than 50 users with a total daily use of more than 50 MB.|
36
-
|DLP|Externally shared source code|Alert when a file containing source code is shared outside your organization.|
37
-
|DLP|File containing PCI detected in the cloud (built-in DLP engine)|Alert when a file with payment card information (PCI) is detected by the Microsoft Defender for Cloud Apps built-in data loss prevention (DLP) engine in a sanctioned cloud app.|
38
-
|DLP|File containing PHI detected in the cloud (built-in DLP engine)|Alert when a file with protected health information (PHI) is detected by the Microsoft Defender for Cloud Apps built-in data loss prevention (DLP) engine in a sanctioned cloud app.|
39
-
|DLP|File containing private information detected in the cloud (built-in DLP engine)|Alert when a file with personal data is detected by the Microsoft Defender for Cloud Apps built-in data loss prevention (DLP) engine in a sanctioned cloud app.|
40
36
|Threat detection|Administrative activity from a non-corporate IP address|Alert when an admin user performs an administrative activity from an IP address that isn't included in the corporate IP address range category. First configure your corporate IP addresses by going to the Settings page, and setting **IP address ranges**.|
41
37
|Threat detection|Log on from a risky IP address|Alert when a user signs into your sanctioned apps from a risky IP address. By default, the Risky IP address category contains addresses that have IP address tags of Anonymous proxy, TOR, or Botnet. You can add more IP addresses to this category in the IP address ranges settings page.|
42
38
|Threat detection|Mass download by a single user|Alert when a single user performs more than 50 downloads within 1 minute.|
0 commit comments