On-demand Policies

On-demand policies are policies that you can quickly and easily create based on the criteria used for a message search. They are available to Fortra Cloud Email Protection customers who have enabled enforcement for their G Suite or Office365 environments.

Using an on-demand policy, you can selectively enforce a policy action on a set of messages. This includes moving messages from your users' inboxes to a specific folder (you may have multiple folders available for moving messages to), deleting a message, or moving a message back to a user's inbox. By enforcing messages after they have been delivered to users' inboxes, Cloud Email Protection provides you with another tool to mitigate threats. For example, if certain email messages have evaded the existing lines of defense (like spam and virus filtering), you can use the on-demand policies feature in Cloud Email Protection to move those messages out of users' inboxes.

NOTE: On-demand policies are only available if you have enabled enforcement for your organization.

On-demand Policies Index Page

All on-demand policies are listed chronologically in the on-demand policies index page. Go to Manage > On-Demand Policies page to view it.

On-demand policies index page.
On-demand policies index page

From this view, you can see the list of On-Demand Policies created in the past 60 days. Click the Expand Row icon to view the selected On-Demand Policy Detail. Click the On-Demand Policy Name to open the On-Demand Policy details page. In this page you can rename the on-demand policies and view the conditions, who initiated the policy and when, the Action enforced and the enforcement rate of the policies.

Click the Delete icon to remove the on-demand policy from this listing. Note that clicking delete only removes the on-demand policy from the listing; it does not affect the disposition of messages.

Final Notes

On-demand polices are searchable from the search page:

On-demand policies are tracked in the audit logs for an organization. To view the audit log, go to Manage > Organizations, and then click the Audit link under the organization name.

 

Performance Note

The rate at which messages are moved depends on the speed and latency of the API call into the mailbox provider (G Suite or Office365).

The same queuing system is used for enforcement actions from both on-demand policies and "regular" (on-going) message policies. If you routinely enforce large numbers of messages from message policies, adding additional enforcement actions to the queue from on-demand policies will impact the overall performance of enforcing messages in Cloud Email Protection. The queuing system accepts enforcement actions from all sensors simultaneously. You can view the log for enforcement actions on any sensor in the /var/log/agari/enforcer.log.