Adding a Policy

Policies govern the behavioral boundaries of Just-In-Time assignments. They limit the maximum duration, the required justification, and whether secondary approvals are mandatory.

Steps to Create

  1. Navigate to Administration > Governance Policies.
  2. Click Deploy New Policy.
  3. Configure the strict attributes:
    • Max TTL Constraint: The hard limit, in hours, before automatic revocation triggers.
    • Auto-Approve Threshold: Whether lower-tier administrative roles (e.g., Mailbox Admin) bypass secondary approval protocols.
    • MFA Enclave Check: Demand a physical FIDO2 interaction at the exact moment of elevation.
  4. Save and Assign the Policy directly to specific Azure Object IDs.

Important: When two overlapping policies conflict, the most restrictive boundary always applies, in keeping with the Zero-Trust philosophy.
