Update quarantine-policies.md #279
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a customers' confusion we're seeing is specifically around the built-in AdminOnlyAccessPolicy, which is not editable and has the notification setting hardcoded to “Off”. This means: Admins cannot enable or disable notifications for this policy. End users should never receive notifications if this default policy is applied. The problem arises because the documentation presents notification settings as configurable, which leads some customers to believe this includes the built-in AdminOnlyAccessPolicy. As a result, they open cases wondering why end users receive notifications or asking how to turn them off—when in fact, the default policy doesn’t even allow that. (knowing that by analysis, we can share why users are receiving notifications, based on what is set for this kind of threat SCL level, maybe because it is identified SPAM and he doesn't have the AdminOnly action set for SPAM mails in his custom quarantine policy ) To reduce this confusion, I suggest we consider explicitly stating in documentation that: The default AdminOnlyAccessPolicy is immutable It always has notifications disabled If notifications are needed alongside restricted access, admins should use a custom policy with "No access" and configure notifications accordingly. Discussed with our Beta engineer, Mithun and confirmed to update the documentation with the pulled information
|
Learn Build status updates of commit ce42c05: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
Learn Build status updates of commit fdc591c: ✅ Validation status: passed
For more details, please refer to the build report. For any questions, please:
|
|
@Chirouette, I also tried to strengthen the "you can't modify default quarantine policies" references throughout (added and made them alerts). |
|
@Chirouette Please work with the private repository rather than the public. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a customers' confusion we're seeing is specifically around the built-in AdminOnlyAccessPolicy, which is not editable and has the notification setting hardcoded to “Off”. This means: Admins cannot enable or disable notifications for this policy. End users should never receive notifications if this default policy is applied. The problem arises because the documentation presents notification settings as configurable, which leads some customers to believe this includes the built-in AdminOnlyAccessPolicy. As a result, they open cases wondering why end users receive notifications or asking how to turn them off—when in fact, the default policy doesn’t even allow that. (knowing that by analysis, we can share why users are receiving notifications, based on what is set for this kind of threat SCL level, maybe because it is identified SPAM and he doesn't have the AdminOnly action set for SPAM mails in his custom quarantine policy )
To reduce this confusion, I suggest we consider explicitly stating in documentation that: The default AdminOnlyAccessPolicy is immutable
It always has notifications disabled
If notifications are needed alongside restricted access, admins should use a custom policy with "No access" and configure notifications accordingly.
Discussed with our Beta engineer, Mithun and confirmed to update the documentation with the pulled information