Agent Policies define what the Proofpoint Agent captures. Agent Policies are assigned to Realms so that you can configure settings and apply these settings to the endpoints in multiple Realms simultaneously.
You can assign more than one Agent Policy to an Realm. When more than one Agent Policy is assigned to a Realm, you can prioritize their order so you can further define which settings are applied to which Agents. This order determines which settings will be enabled and turned on per Agent Policy. (See Policy Priorities.)
One of the following Signal Types is set for an Agent Policy:
-
Data Loss Prevention (DLP) Only: Include all file related events, such as: copy, move, rename, delete, etc.
-
Insider Threat Management (ITM): Include DLP events and endpoint events such as: application, web browsing, optional screenshots, etc.
Agent Policy Set Up
For more information about how to set up an Agent Policy, see:
Default Account Policy
A Default Account Policy is configured for each account and assigned to each Realm. If no other account policies are added, the default account policy is applied to all users. You can edit the default policy and change the settings.
To turn on a setting for a specific policy, it must be turned on in the Default Account Policy.
Default Account Policy and Entitlements
By default, the Default Account Policy is set for DLP Only entitlements. (See Understanding Entitlements.)
The default account policy includes settings for metadata capture and user interface options.
For ITM entitlements, screenshots are enabled and collection activity is available.
Related Topic:
< Back Administration Users | Agent Realms Next >