Step 7 - Create a Policy
A Policy is a set of rules that define:
- What data is protected and backed up
- How often the backups occur
- Whether any data loss prevention features are used to protect your data should a device be lost or stolen
- Whether Windows user profile settings are backed up.
You can create as many Policies as you need. You might have one Policy for everyone or you could have different Policies for each team.
Let's create your first Policy.
Create a New Policy
- Click Policies.
If you don't have any Policies in your Endpoint Cloud, click Add a Policy. Endpoint Cloud creates a new Policy and opens it, ready for you to define its settings.
- Give the Policy a name. Click on the edit icon next to the default name and then enter the new name.
Your new Policy has default settings in place, and many Endpoint Cloud administrators find that these settings are suitable for their needs. If you have different requirements, you can change the settings in the following sections:
- Protected Data: Use to define what data is selected for protection.
- Backup and Restore: Use to choose how often backups take place.
- DLP: Use to choose the data loss prevention measures for the policy.
- Migration: Use to choose whether settings related to Windows user profiles are backed up.
Let's look at the choices you can make in the Protected Data, Backup and Restore, DLP, and Migration sections.
Use the Protected Data settings to choose which files will be protected and backed up (according to the rules defined in the policy). The settings in the policy define:
- What data is backed up and protected
- Whether encryption is applied on the local device files
- Whether access to data can be revoked automatically
- Whether a device can have its protected data wiped remotely
Let's take a look at the different sections.
Global files are collections of file types. For example, there is a Microsoft Office files collection, for files saved in Word, Excel, PowerPoint, etc. By default, Endpoint Cloud will back up these 'global' files, irrespective of where they are stored on the devices that use the policy.
You can use the Global Files settings to:
- Add or remove file types from the different collections
- Create a new collection for different types of files. For example, you may want to create a new collection that contains the file types for your proprietary software.
You can set Endpoint Cloud to back up and protect files in specific locations on a computer (local drives only, by default). Some common locations are included by default, including All Volumes, Desktop, and Documents, and you can add other locations if required.
For each location, you can choose what files are backed up and protected: all files, global files only, or a set of files you choose manually.
The Cloud Drives section works in the same way as Locations, except that it applies to cloud storage locations, such as One Drive.
Choose the Cloud Drive you want EndPoint Cloud to back up and protect, and then choose to include all files, global files, and/or a custom file selection.
Use the Emails section to set Endpoint Cloud to backup and protect the archive files of your email client. For example, you can add Microsoft Outlook as an Email client and then set Endpoint Cloud to back up and protect all of Outlooks PST files or only those PST files that are active in the Outlook profile.
Use the Global Excludes section to specify which file types and folders should not be backed up or protected. Note that if a folder or file type is included in Global Files and Global Excludes, it will not be backed up or protected (Global Excludes takes priority over Global Files).
Backup & Restore
Use the Backup & Restore tab to set the schedule for backing up the devices (that use the policy) on a regular basis.
The Data Loss Prevention (DLP) tab is where you control the settings for protecting data locally on the devices. These settings are designed to protect your data when a device (that uses this policy) is lost or stolen.
You can choose to:
- Enable local file encryption on the machine. This works by loading a user encryption certificate on to the device. The files can only be accessed if the certificate is available.
- Prevent access to the files if the device does not connect to Endpoint Cloud within a set period of time. The agent automatically revokes the user encryption certificate, so that the files cannot be accessed.
- Use geolocation to find the last known location of the device.
Use the Migration settings to control whether Endpoint Cloud makes a backup of the Windows user profile settings. This type of data includes accessibility settings, mouse and keyboard settings, Favorites, and many other user-specific settings.
You can enable or disable Migration as required.