Create Dynamic DRM Policies
In addition to policies that control access to logins and specific types of data, you can create policies that determine access to keys for decryption of data. DRM policies provide additional options for access control, including the following context areas:
- Individual users and user groups
- Device profile
- Device OS
- Activity threshold (for example, malware activity)
- Choose .
- Click New.
- Enter a Name (required) and a Description (optional) for the policy.
- (Optional) To specify a time range in which the cloud application will be available, click the Time Window toggle. Then, select these options:
  - The days of the week for which you want to apply a time window
  - The time range for those days
  To add another time window, click the + icon at the right, then select the days and time ranges for that time window.
  To add a time range for after office hours (for example, from 7:00 PM to 8:00 AM), you need to configure two time-window settings: the first for the hours up until midnight; the second for the hours starting at midnight and ending at the desired morning time.
  - Set a time range from 7:00 PM until 0:00 (midnight).
  - Click the + sign to add a time range from 0:00 (midnight) until 8:00 AM.
- Click Next.
- Choose the cloud applications to which the policy will apply.
  Decrypt is the available activity.
- Select a context type from the prompt. To include multiple contexts, click the + icon at the right.
- Enter the additional details for the selected context type(s).
  Context Type: Options
  - Users: Select All or Selected. For Selected, enter a valid email address for each user. Separate each address with a comma.
  - User Groups: User groups are organized into directories. When you select User Group as a context type, the available directories containing the groups are listed in the left column.
    Select a directory to view the user groups it contains. The user groups for that directory are displayed.
    Select the groups from the list and click the right-arrow icon to move them to the Selected User Groups column and click Save. These are the groups to which the policy will apply.
    To search for a directory or group, click the Search icon at the top. To refresh the list, click the Refresh icon at the top.
  - Location: Check one or more locations, or check Select All.
  - Device Profile: Select a context type, a context, and a target for each type.
    Managed Status: Select an option.
    - Managed
    - Unmanaged
    Compliance Status: Select one or more options.
    - Protected
    - Disconnected
    - Compliant
    - Non-Compliant
    Depending on what you select, some other options are disabled. For example, if you select Protected, Disconnected is disabled. If you select Disconnected, Protected is disabled.
    Threat Status: Select one or more options.
    - Secure
    - Low
    - Medium
    - High
    Click the + sign at the right to add additional Device Profile contexts.
    When all of the context options for Device Profile have been selected and configured (Managed Status, Compliance Status, and Threat Status), no additional targets can be selected if another Device Profile context rule is added.
  - Device OS: From the Match prompt, select an operator: Equal To, Not Equal To, Greater Than, or Less Than.
    Then, from the Device OS prompt, select an OS and an OS version. If you chose Equal To or Not Equal To, you can select multiple OS versions or click Select All. If you chose Greater Than or Less Than, you can only choose one OS version from each category.
    After selecting the desired OS versions, click Save.
    Device OS context policies are currently only supported on OS versions under 11 for both Windows and macOS.
  - User Risk: Select a user risk score level: Low & Above, Medium & Above, or High.
  - Source IP: Enter a valid IP address range.
    (Optional) To add another IP address range, click the + icon at the right, and enter the values.
    Click Save.
  - IP Risk Score: Select an IP risk score level: Low & Above, Medium & Above, or High.
- Click the Action tab.
- Select a session action, either Allow & Log or Deny. If you select Deny, the policy will not allow the key to be available to decrypt files.
- (Optional) For a notification, select Email as a secondary action. Then, select an email notification from the list.
- Click Next to display a summary of the policy information.
- Review the information. If any corrections are needed, click Previous and make the modifications, or click Confirm to save the policy.
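
The after-office-hours split from the Time Window step, worked through as an added example (not code from the product or its documentation). `split_overnight` and `in_windows` are hypothetical helpers; the sketch assumes each window is matched against the calendar day of the request and that the end time is exclusive, and it compares the result with a constructed configuration where both windows have the same days selected, which leaves the early hours after the last evening outside the range.

```python
from datetime import datetime, time

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]  # weekday() order
MIDNIGHT = time(0, 0)  # as an end time, 0:00 closes the day

def split_overnight(days, start, end):
    """Return same-day (days, start, end) windows for one time range.

    A range that crosses midnight becomes the two windows the procedure
    calls for. Assumption: a window is matched against the calendar day of
    the request, so the after-midnight window uses the following days.
    """
    if end == MIDNIGHT or start < end:
        return [(set(days), start, end)]
    next_days = {DAYS[(DAYS.index(d) + 1) % 7] for d in days}
    return [(set(days), start, MIDNIGHT), (next_days, MIDNIGHT, end)]

def in_windows(windows, moment):
    """True if moment is in any window (assumed start-inclusive, end-exclusive)."""
    day, clock = DAYS[moment.weekday()], moment.time()
    return any(
        day in days and start <= clock and (end == MIDNIGHT or clock < end)
        for days, start, end in windows
    )

WEEKDAYS = ["Mon", "Tue", "Wed", "Thu", "Fri"]
# Constructed comparison: both windows entered with the same days selected.
SAME_DAYS = [(set(WEEKDAYS), time(19, 0), MIDNIGHT),
             (set(WEEKDAYS), MIDNIGHT, time(8, 0))]

if __name__ == "__main__":
    shifted = split_overnight(WEEKDAYS, time(19, 0), time(8, 0))
    # Constructed sample times; 2024-01-05 is a Friday.
    samples = [datetime(2024, 1, 5, 23, 30), datetime(2024, 1, 6, 2, 0),
               datetime(2024, 1, 8, 2, 0), datetime(2024, 1, 5, 12, 0)]
    for moment in samples:
        print(moment.strftime("%a %H:%M"),
              "shifted:", in_windows(shifted, moment),
              "same-days:", in_windows(SAME_DAYS, moment))
```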