For ITM / Endpoint DLP prevention rules, a notification policy lets you define an endpoint notification that will notify end users about disallowed activities.
Notification policies are assigned to one or more prevention rules. The notification appears as a pop-up message when an activity is blocked by a prevention rule.
From a prevention rule, you select the action:
-
Block the action
-
Prompt the user to provide a justification
Then you assign the notification policy to the rule by clicking Assign End User Notification. For details about creating a Notification Policy, see Notification for Endpoint Activities.