...

Run Ethical Wall on – Choose according to your deployment: proxy for real-time inspection, or API for near-real-time detection.

Policy rules memory cache time (minutes) – Set the number of minutes for the engine to save policies and policy cache locally on the server before refreshing and fetching updated policies from the Database.

Internal domain list – Enter the MS 365 domains of your environment.

...

Operation Mode – Set the operation mode on which the engine runs (Live, Learning, or Dummy). When onboarding a new user base, you should set the operation mode to Learning.

Calculated Policy cache validity period (hours) – Set the number of hours for policy cache records to remain valid. After this period expires, the non-valid records are deleted.

...

Below is a general explanation about this type of Ethical Wall policy.

When setting an Ethical Wall policy, it is set between 2 sides (Side A, Side B).
Side A should be an internal domain\User\AD Group, and Side B can be Internal domain\

...

UPN\AD Group or External Domain\

...

UPN.
Side B of an Ethical Wall policy can have special configurations:
• “Same as side A” – The ability to set policies for each internal domain when using multiple ones.

When we have a policy created, we can use the Allow/Block/Control button in order to choose what capabilities of Microsoft Teams we'd like to have allowed/blocked.

...

  • Chat – The ability to send a chat message.

  • Audio – The ability to initiate an audio call.

  • Video – The ability to initiate a video call.

  • File Sharing – The ability to share a file.

  • Desktop Sharing – The ability to perform a screen presentation and whiteboard.

  • Program Sharing – The ability to perform a screen presentation that presents only a certain program within the computer rather than the entire monitor.

...


...

The 2nd section is the policy rules section where the different rules can be configured to allow or block traffic.

POLICY RULES

...

The 3rd section is the optional section and it appears only if a rule is set in “Contact card”. In this section, the contact card information can be controlled.

CONTACT CARD SETTING

...

Conference Policies

Policies of this type are applied when a meeting takes place. Below is a general explanation about the rules and settings of this type of Ethical Wall policy. Note that, as with the Default P2P policy, the policy conditions (1st section of the policy) can’t be changed in the default conference policy. Generally, most of the conference policy rules work in a 2-way manner and can be set to either completely allow a certain feature in a conference or completely block it. This is in contrast to P2P policies, where a certain rule can have a different behavior if it’s “Incoming” (from Side B to Side A) or “Outgoing” (from Side A to Side B). However, certain features (like “Present desktop”) can be set with different “Incoming” and “Outgoing” values.
When setting an Ethical Wall policy, it is set between 2 sides (Side A, Side B). Side A should be an internal SIP domain/Group/UPN; Side B can be an internal domain and also an external SIP domain.

...

Within the Policies, the following restrictions can be set over these 6 configurations:

  • Chat – The ability to initiate a chat. In conferences, this rule can be set to allow both sides or block both sides.

  • Audio – The ability to initiate a VoIP conversation over Skype for Business (an audio conversation). Works the same as the Chat restriction.

  • Video – The ability to initiate a video call over Skype for Business. Works like Chat and Audio.

  • Data collaboration / File transfer – Data collaboration is the ability to share PowerPoint presentations, file transfer, QA, whiteboards, and polls. This setting can also be defined either to allow both sides or to block both sides. File transfer (the ability to send a file) is a way to exclude only file transfer from Data Collaboration. This feature requires the usage of SphereShield's Content manager (this rule exists only if Data Collaboration is allowed).

  • Present Desktop – The ability to present the screen. This feature can be set to block or allow incoming and outgoing independently. This also applies to Present Program.

  • Remote control – Blocking this feature will grey out the “Request control” button in a chat. This feature can be set to block or allow incoming and outgoing independently (this rule exists only if Present Desktop is allowed).

Below is a screenshot of the area responsible for restricting or allowing modalities:

...

...


Teams Control Policy

There is only 1 policy of this type. The rules of this type of policy will apply to any conversation inside a Teams channel, according to your configuration.

Below is a screenshot of the rules you can configure for this policy:

...