Version: 1.8.0

New policy

This page describes the policy creation experience in EasyLife 365 Identity, focusing on how to configure policy rules using the admin portal.

Create a new policy

To create a new policy:

  1. Navigate to Policies in the admin portal.
  2. Select Create new.
  3. Choose the policy type:
    • App Registration Policy
    • Enterprise Application Policy

After selecting a type, the Create policy page opens.

Create policy layout

The policy editor is divided into two main areas:

  • Left navigation panel: used to move between configuration sections
  • Main content area: used to configure the selected section

A warning indicator appears next to sections that are incomplete or invalid.

At the top of the page:

  • Save persists all changes
  • Discard changes resets the policy to its last saved state
  • The back arrow returns to the policy list

General section

The General section contains basic policy metadata and behavior settings.

Details

  • Title: required, unique policy name
  • Description: required, used to explain the policy's purpose

Behavior

  • Status: toggle to activate or deactivate the policy. Only active policies are evaluated.
  • Default: marks the policy as the default. The default policy applies to all resources without an explicitly assigned policy.

Owners section

The Owners section allows you to configure ownership-related rules. Each rule follows the same interaction pattern:

  • A toggle to enable or disable the rule
  • Configuration fields that appear when the rule is enabled

Minimum Application Owners Rule

When enabled, this rule verifies the minimum number of application owners. After turning on the corresponding switch in the UI, admins can configure the parameters of the rule.

  • Number of application owners: the minimum number of owners an app must have to be considered compliant with the rule
  • Number of reminders: how many reminders are sent to the owners before an escalation is triggered
  • Days between reminders: how many days pass between two reminders
  • Do not notify owners: disables owner notifications and triggers escalation immediately after an app is found to be non-compliant

Minimum Technical Owners Rule

This rule uses the same layout and controls as the application owners rule, but applies to technical owners.

Minimum Business Owners Rule

This rule uses the same layout and controls as the application owners rule, but applies to business owners.

Activity section

The Activity section is used to configure activity-related rules.

Inactivity Rule

When enabled, this rule triggers when an application has not been signed in to for a defined period.

  • Interval (days): how many days must pass without a sign-in before the app is considered non-compliant with the rule
  • Grace period (days): how many days to wait before starting to send notifications if there is no sign-in data
  • Allow reset: allows owners to reset application activity

Reminders

  • Number of reminders
  • Days between reminders
  • Option to disable owner notifications

Escalation actions

Two kinds of escalation actions are supported and apply to all rules. By clicking on the "Add escalation" button, admins can add either of the following.

  • Send email: an email notification is sent to the specified email address to warn of the non-compliance.
  • Webhook: an HTTP request is sent to the specified endpoint. The request can be authenticated in one of the following ways:
    • Anonymous: when the endpoint is publicly accessible.
    • Code authentication: when the endpoint requires an authentication code. In this case, admins can specify the required code.
    • Entra ID authentication: when the endpoint is secured through Entra ID. In this case, admins should specify the application ID.

Escalations can be removed using the delete icon on each escalation block.
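
To preview what the Owners and Activity rules above would flag before a policy is set to active or marked as default, the following added example (not EasyLife 365 code) dry-runs the minimum owners and inactivity rules over a constructed app inventory and reports when each finding would escalate. The record fields, the function names, and the timing semantics (first reminder on detection, escalation one interval after the last reminder, grace period counted from app creation) are assumptions, not documented product behavior.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Reminders:              # reminder fields shared by every rule
    count: int                # "Number of reminders"
    days_between: int         # "Days between reminders"
    do_not_notify: bool = False

    def escalation_delay(self) -> timedelta:
        # Assumption: first reminder on detection, escalation one interval after the last.
        return timedelta(0 if self.do_not_notify else self.count * self.days_between)

@dataclass
class App:                    # hypothetical inventory record
    name: str
    owners: int
    created: date
    last_sign_in: Optional[date]

def inactive_since(app, interval_days, grace_days, today):
    """Date the app became non-compliant with the inactivity rule, or None."""
    if app.last_sign_in is None:
        start = app.created + timedelta(grace_days)   # assumption: grace runs from creation
    else:
        start = app.last_sign_in + timedelta(interval_days)
    return start if start <= today else None

def preview(apps, min_owners, owner_rem, interval_days, grace_days, inact_rem, today):
    """Return (app, rule, escalation date) for every finding the policy would raise."""
    findings = []
    for app in apps:
        if app.owners < min_owners:                   # detection date assumed to be today
            findings.append((app.name, "owners", today + owner_rem.escalation_delay()))
        since = inactive_since(app, interval_days, grace_days, today)
        if since is not None:
            findings.append((app.name, "inactivity", since + inact_rem.escalation_delay()))
    return findings

# Constructed sample inventory, not real tenant data.
TODAY = date(2025, 6, 1)
APPS = [
    App("payroll-api", 2, date(2024, 1, 10), date(2025, 5, 20)),
    App("legacy-sync", 1, date(2023, 3, 1), date(2025, 1, 1)),
    App("poc-demo", 2, date(2025, 5, 25), None),
]

if __name__ == "__main__":
    for name, rule, when in preview(APPS, 2, Reminders(2, 5), 90, 30, Reminders(3, 7), TODAY):
        print(f"{name:12} {rule:10} escalates {when}")
```

An escalation date that is already in the past, as for the inactivity finding here, means the escalation action would fire as soon as the policy is evaluated under these assumptions.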