Overview
Policies are essential for configuring governance within your Microsoft Entra ID applications. They provide a means to apply rules and regulations, enabling you to maintain compliance and security standards across your app registrations and enterprise applications.
The Policies page in the admin portal is the central place where administrators view, create, and manage governance policies in EasyLife 365 Identity.
For instance, you can configure ownership requirements to ensure every application has designated owners, or set activity rules to identify unused enterprise applications. Policies help you enforce organizational standards and reduce security risks.
Default policies
A default policy is a special policy that automatically applies to applications without an explicitly assigned policy. You can designate one default policy for App Registrations and one for Enterprise Applications.
Why default policies matter
Default policies ensure comprehensive governance coverage across your entire application portfolio, even for applications that:
- Were created before EasyLife 365 Identity was deployed
- Are created through automated processes or scripts
- Are created by users outside of EasyLife 365 Identity workflows
- Haven't been manually assigned to a specific policy
Without a default policy, these applications would remain ungoverned, creating compliance gaps and security risks.
How default policies work
When EasyLife 365 Identity evaluates an application for policy compliance:
- Check for explicit policy assignment: If the application has been assigned to a specific policy, that policy is used
- Fall back to default policy: If no explicit policy is assigned, the default policy for that application type (App Registration or Enterprise Application) is used
- No policy: If no default policy is configured, the application is not governed by policies
Default policies are evaluated and enforced using the same daily compliance checks as explicitly assigned policies.
Setting a default policy
To designate a policy as the default:
- Navigate to the policy list
- Click the three-dot menu on the desired policy
- Select Set as default
Only active policies can be set as default. If you deactivate a default policy, applications will no longer be governed until a new default policy is assigned or explicit policies are applied.
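The resolution order above can be modelled offline to find applications that no enforced policy covers. This is an added example, not EasyLife 365 Identity code; the class names, type labels, the idea that a deactivated policy keeps its default flag, and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:
    title: str
    app_type: str            # hypothetical labels: "AppRegistration" / "EnterpriseApplication"
    active: bool = True
    is_default: bool = False

@dataclass
class App:
    name: str
    app_type: str
    assigned: Optional[str] = None   # title of an explicitly assigned policy

def resolve(app, policies):
    """Return (policy title or None, reason) in the order the page describes."""
    by_title = {p.title: p for p in policies}
    if app.assigned is not None:                      # 1. explicit assignment
        p = by_title[app.assigned]
        # Only active policies are enforced, so flag an inactive assignment.
        return p.title, ("explicit" if p.active else "explicit-inactive")
    for p in policies:                                # 2. default for this app type
        if p.is_default and p.active and p.app_type == app.app_type:
            return p.title, "default"
    return None, "ungoverned"                         # 3. no policy applies

def coverage_gaps(apps, policies):
    """Map each app that no enforced policy covers to the reason."""
    gaps = {}
    for app in apps:
        _, reason = resolve(app, policies)
        if reason in ("ungoverned", "explicit-inactive"):
            gaps[app.name] = reason
    return gaps

# Constructed sample inventory (not real tenant data).
POLICIES = [
    Policy("Baseline app regs", "AppRegistration", is_default=True),
    Policy("Baseline enterprise", "EnterpriseApplication", active=False, is_default=True),
    Policy("Tier-0 apps", "AppRegistration"),
    Policy("Legacy review", "EnterpriseApplication", active=False),
]
APPS = [
    App("payroll-api", "AppRegistration", assigned="Tier-0 apps"),
    App("script-created-app", "AppRegistration"),
    App("hr-saas", "EnterpriseApplication"),
    App("old-crm", "EnterpriseApplication", assigned="Legacy review"),
]

if __name__ == "__main__":
    print(coverage_gaps(APPS, POLICIES))
```

In the sample, the deactivated Enterprise Application default leaves `hr-saas` ungoverned, and `old-crm` is tied to a policy that is not enforced.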
Policy enforcement
Policies are upheld by the EasyLife 365 Identity Engine, a background process that executes daily to ensure policy adherence across your applications. If configurations deviate from expectations, the engine initiates pre-configured workflows using specified notification settings.
Policy types
You can configure policies for:
Policies list
The Policies page displays all configured policies in a table-based layout, with one row per policy.
This list is optimized for:
- Quick overview of policy configuration
- Searching and filtering
- Performing management actions without opening a detail view
Table columns
The following columns are displayed:
| Column | Description |
|---|---|
| Title | The display name of the policy. |
| Type | Indicates whether the policy is an App Registration Policy or an Enterprise Application Policy. |
| Status | Shows whether the policy is currently Active or Inactive. |
| Description | Optional descriptive text explaining the purpose of the policy. |
Policy actions
From the policy list, you can perform the following actions:
- View details: Click on a policy row to view its full configuration.
- Edit: Modify an existing policy's rules and settings.
- Activate/Deactivate: Enable or disable policy enforcement without deleting the policy.
- Delete: Remove a policy permanently.
Create a new policy
To create a new policy:
- Navigate to Policies in the admin portal.
- Select Create new.
- Choose the policy type:
  - App Registration Policy
  - Enterprise Application Policy
After selecting a type, the Create policy page opens.
Create policy layout
The policy editor is divided into two main areas:
- Left navigation panel: used to move between configuration sections
- Main content area: used to configure the selected section
A warning indicator appears next to sections that are incomplete or invalid.
Configuration sections
1. General
The General section captures basic policy metadata.
| Field | Description | Required |
|---|---|---|
| Title | The display name of the policy. Shown in the policy list and used when assigning policies. | Yes |
| Description | A brief explanation of the policy's purpose. | No |
| Status | Whether the policy is Active or Inactive. Only active policies are enforced. | Yes |
2. Rules
The Rules section defines the compliance criteria that applications must satisfy.
Administrators can configure one or more of the following rules:
- Ownership rules: Minimum application owner, technical owner, business owner
- Activity rule (Professional): Sign-in activity monitoring (Enterprise Applications only)
An application is considered compliant only if it satisfies all rules defined in the policy.
3. Notifications
The Notifications section controls how owners are alerted about non-compliant applications.
| Field | Description |
|---|---|
| Number of notifications | How many notifications to send before triggering escalation actions. |
| Days between notifications | The interval (in days) between successive notifications. |
4. Escalation
The Escalation section defines what happens when an application remains non-compliant after all notifications have been sent.
Administrators can configure one or more escalation actions:
Email escalation
Send an email to a specified address when escalation is triggered.
| Field | Description |
|---|---|
| Recipient email | The email address to notify. |
| Subject | The email subject line. |
| Body | The email message content. Supports placeholders for application details. |
Webhook escalation
Send an HTTP POST request to an external system when escalation is triggered.
| Field | Description |
|---|---|
| Webhook URL | The endpoint to call. |
| Headers | Optional HTTP headers (e.g., for authentication). |
| Body | The JSON payload. Supports placeholders for application details. |
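On the receiving side, the endpoint should authenticate the caller using the value configured under Headers before it trusts the payload. The following is an added example, not part of the product; the header name, shared secret and payload field names are hypothetical and stand for whatever is entered in the policy's Headers and Body fields.

```python
import hmac
import json

# Assumptions: these names and values are hypothetical, chosen for the example.
AUTH_HEADER = "x-escalation-token"
SHARED_SECRET = "constructed-example-secret"   # load from a secret store in practice
REQUIRED_FIELDS = ("applicationId", "policy")
MAX_BODY = 16 * 1024                           # escalation payloads are small

def handle_escalation(method, headers, body):
    """Return (HTTP status, parsed payload or None) for one inbound request."""
    if method != "POST":
        return 405, None
    hdrs = {k.lower(): v for k, v in headers.items()}
    token = hdrs.get(AUTH_HEADER, "")
    # Constant-time comparison; reject before parsing anything from the body.
    if not hmac.compare_digest(token.encode(), SHARED_SECRET.encode()):
        return 401, None
    if len(body) > MAX_BODY:
        return 413, None
    try:
        payload = json.loads(body)
    except ValueError:                         # covers invalid JSON and bad UTF-8
        return 400, None
    if not isinstance(payload, dict):
        return 400, None
    # A missing or empty field means the Body template does not match the receiver.
    for field in REQUIRED_FIELDS:
        value = payload.get(field)
        if not isinstance(value, str) or not value:
            return 422, None
    return 200, payload

if __name__ == "__main__":
    sample = b'{"applicationId": "00000000-0000-0000-0000-000000000000", "policy": "Baseline"}'
    print(handle_escalation("POST", {"X-Escalation-Token": SHARED_SECRET}, sample))
    print(handle_escalation("POST", {"X-Escalation-Token": "wrong"}, sample))
```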
Saving the policy
After configuring all sections:
- Review the policy configuration for completeness.
- Click Save to create the policy.
- If any required fields are missing, the system will highlight them with a warning indicator.
Once saved, the policy will appear in the policies list and can be assigned to applications.
Setting a default policy
To set a policy as the default:
- Navigate to the policy list.
- Click the three-dot menu on the desired policy.
- Select Set as default.
The default policy will be automatically applied to all applications without an explicitly assigned policy.