Organizations that use Active Directory often assign users to Active Directory groups. For example, IT, QA, RnD, Marketing, Product, Management, Finance, HR.
The Policy by Active Directory feature enables setting a sanitization policy to each Active Directory group and set priorities for those policies.
Once the order of priorities has been set, incoming emails or files that are earmarked for users are processed accordingly. For each incoming item, Disarmer looks for the first Active Directory group that matches the intended user and applies the policy that was assigned to it.
|A Security department in an organization wants to keep track of files entering the organization and analyze each event. The policy that would best suit their needs would allow the Security Active Directory group (and only them) to receive malware to their isolated environment.
|Finance department personnel often use macros to perform their daily tasks. An appropriate policy for the Finance Active Directory group would allow them to receive Excel files that contain macros. For the rest of the organization, the policy would remove the suspicious macros.
To assign groups to policies and prioritize the policies:
|In the Management Dashboard navigation pane, click System Settings, then click Policy by Active Directory.
A table of the policies that have been defined is displayed. There are three elements for each policy:
|Priority: Displays the current priority of the policy. Use the up and down arrows to set the priority. The policy with first priority ("Ron" in the image above) is the most lenient; the policy with last priority (for "Default Policy") is the most restrictive.
|Groups: Contains a list of the groups that are defined on the Active Directory server. Select a groups from the list to assign the policy to them.
When you click the list, the following appears:
Check a group to select it. There are buttons to check all groups and uncheck all groups.
You can also search for a group by typing its name in the Search field.