Syskit Point
Schedule a DemoStart a Free TrialContact UsProduct Site
  • Syskit Point
  • Releases
    • Syskit Point Cloud
      • May 13, 2025
      • May 06, 2025
      • April 29, 2025
      • April 22, 2025
      • April 08, 2025
      • April 01, 2025
      • March 25, 2025
      • March 18, 2025
      • March 11, 2025
      • March 04, 2025
      • February 25, 2025
      • February 18, 2025
      • February 11, 2025
      • February 06, 2025
      • January 28, 2025
      • January 22, 2025
      • January 14, 2025
      • January 02, 2025
      • December 17, 2024
      • December 10, 2024
      • December 03, 2024
      • November 26, 2024
      • November 19, 2024
      • November 05, 2024
      • October 29, 2024
      • October 22, 2024
      • October 15, 2024
      • October 08, 2024
      • October 01, 2024
      • September 24, 2024
      • September 18, 2024
      • September 02, 2024
      • August 26, 2024
      • August 20, 2024
      • August 12, 2024
      • August 06, 2024
      • July 29, 2024
      • July 23, 2024
      • July 02, 2024
      • June 18, 2024
      • June 04, 2024
      • May 21, 2024
      • May 09, 2024
      • April 23, 2024
      • April 9, 2024
      • March 26, 2024
      • March 12, 2024
      • February 22, 2024
      • February 06, 2024
      • January 19, 2024
      • January 18, 2024
      • December 19, 2023
      • November 30, 2023
      • November 15, 2023
      • November 2, 2023
      • November 2, 2023 - Announcement
      • October 17, 2023
      • October 3, 2023
      • September 21, 2023
      • September 14, 2023
      • September 7, 2023
      • August 23, 2023
      • August 9, 2023
      • July 26, 2023
      • July 12, 2023
      • May 16, 2023
    • Syskit Point Data Center
      • Syskit Point 2025.2
        • Syskit Point 2025.2.90
        • Syskit Point 2025.2.86
        • Syskit Point 2025.2.82
        • Syskit Point 2025.2.78
      • Syskit Point 2024.6
        • Syskit Point 2024.6.73
        • Syskit Point 2024.6.71
        • Syskit Point 2024.6.70
      • Syskit Point 2024.5
        • Syskit Point 2024.5.67
        • Syskit Point 2024.5.65
      • Syskit Point 2024.4
        • Syskit Point 2024.4.60
        • Syskit Point 2024.4.54
        • Syskit Point 2024.4.52
      • Syskit Point 2024.3
        • Syskit Point 2024.3.48
      • Syskit Point 2024.2
        • Syskit Point 2024.2.45
      • Syskit Point 2024.1
        • Syskit Point 2024.1.43
        • Syskit Point 2024.1.41
      • Syskit Point 2023.5
        • Syskit Point 2023.5.39
      • Syskit Point 2023.4
        • Syskit Point 2023.4.1
        • Syskit Point 2023.4.0
      • Syskit Point 2023.3
      • Syskit Point 2023.2
      • Syskit Point 2023.1
        • Syskit Point 2023.1.3
        • Syskit Point 2023.1.2
        • Syskit Point 2023.1.1
        • Syskit Point 2023.1.0
      • Syskit Point 2022.5
        • Syskit Point 2022.5.1
        • Syskit Point 2022.5.0
      • Syskit Point 2022.4
        • Syskit Point 2022.4.1
        • Syskit Point 2022.4.0
      • Syskit Point 2022.3
        • Syskit Point 2022.3.1
        • Syskit Point 2022.3.0
      • Syskit Point 2022.2
        • Syskit Point 2022.2.3
        • Syskit Point 2022.2.2
        • Syskit Point 2022.2.1
        • Syskit Point 2022.2.0
      • Syskit Point 2021.12
      • Syskit Point 2021.11
      • Syskit Point 2021.10
      • Syskit Point 20
      • Syskit Point 19
        • Syskit Point 19.0.2
        • Syskit Point 19.0.1
        • Syskit Point 19.0.0
  • Requirements
    • Permission Requirements
    • Change Log
  • Set Up Point Cloud
    • Overview
    • Free Trial
    • Free Trial Limits
    • Manage Syskit Point Subscriptions
  • Set Up Point Data Center
    • Deployment
      • Overview
      • System Requirements
      • Deploy Syskit Point
      • Connect to Microsoft 365 Tenant
      • Set Up Custom Domain and SSL Certificate
      • Upgrade Syskit Point
      • Azure Networking
    • Activation
      • Activate Syskit Point
      • Free Trial Data Center
  • Licensing & Activation
    • Licensed Users Count
    • Activation Privacy Statement
  • Get to Know Syskit Point
    • The Syskit Point Starter Kit
    • Navigate Through Syskit Point
    • Collect Microsoft 365 Data
  • Microsoft 365 Inventory
    • Microsoft 365 Inventory Overview
    • Explore Your Microsoft 365 Dashboard
    • Sites
    • Microsoft Teams & Groups
    • Users
    • Copilot Readiness
  • Configuration
    • Syskit Point Configuration Guide
    • Assign and Manage Access to Syskit Point
    • Enable Microsoft Teams Activity Tracking
    • Configure Storage Management in Syskit Point
    • Set Up E-Mail
    • Connect Service Account
    • Customize Audit Logs Collection
    • Upgrade SQL to Managed Identity Authentication
    • Enable Power Platform Data Collection
    • Enable Power BI Data Collection
    • Ignore Service Account Activity Tracking
    • Customize License Reports
    • Customize E-Mails
    • Report Data Limits
    • Turn On Auditing
    • Exclude Users from Receiving Governance Tasks
    • Customize Dashboard
    • Customize Syskit Point Appearance
    • Configure Your Environment for Storage Management
    • Save Custom Views
    • Audit for Syskit Point Settings
    • Manage Connection
  • Reporting
    • Overview
    • External Sharing Reports
    • Access Reports
    • Audit Reports
    • Cleanup & Health Reports
    • Licenses Reports
    • Analytics Reports
    • Sensitivity Labels Reports
    • Power Platform Reports
    • Power BI Reports
  • Storage Management
    • Storage Management Overview
    • Free Up Storage
    • Storage Reports
    • Limit Storage Usage
    • Storage Versioning Limits
  • Governance & Automation
    • Syskit Point Tasks
    • Access Review
      • Enable Automated Access Review
      • Create and Apply Access Review Policies
      • Modify Access Review Options
      • Monitor Access Review in Syskit Point
      • Manually Request Access Review in Syskit Point
    • Lifecycle Management
      • Lifecycle Management - Deprecated
      • Identify Inactive Workspaces
      • Enable Lifecycle Management Automation
      • Monitor Lifecycle Management Tasks in Syskit Point
      • Run Lifecycle Management Actions in Syskit Point
    • Policies
      • Set Up Policies
      • Rules
      • Blocked Users with Assigned Licenses
      • Inactive Guest Users
      • Inactive Workspaces
      • Minimum Number of Owners
      • Maximum Number of Owners
      • Orphaned Workspaces
      • Orphaned Users
      • Tenant Storage Limit
      • Workspaces with Too Many Members
      • Workspaces with Shadow Users
      • Private Workspaces Shared with Everyone
      • Workspaces Without a Sensitivity Label
      • Apply Policies
      • Upgrade to Rules
    • Security and Compliance Checks
      • Security and Compliance Checks
      • Inactive Workspaces
      • Orphaned Workspaces
      • Inactive Guest Users
      • Blocked Users with Assigned Licenses
      • Workspaces with Not Enough Owners
      • Orphaned Users
      • Workspaces with Too Many Owners
      • Tenant Storage Limit
      • Workspaces with Too Many Members
      • Workspaces with Shadow Users
      • Private Workspaces Shared with Everyone
      • Workspaces Without a Sensitivity Label
    • Provisioning
      • Set Up Provisioning
      • Enable or Disable Provisioning
      • Register Yammer App
      • Enable Sensitivity Labels
      • Restrict Microsoft 365 Groups Creation
      • Templates
      • Content & Structure
      • Configure Provisioning Failure Notifications
      • Approval Processes
      • Approve/Reject Requests
      • Manage Requests
      • Hide Workspace Name
    • Access Requests
      • Set Up Access Requests
      • Create Access Requests
      • Apply Access Requests
      • Approval Process
    • Metadata
      • Manage Custom Metadata
      • Request Metadata Review
      • Monitor Metadata Review
    • Sensitivity Review
      • Request Sensitivity Review
      • Monitor Sensitivity Review
    • Privacy Review
      • Request Privacy Review
      • Monitor Privacy Review
    • Syskit Point Teams App
    • Schedule Reports
    • Configure Alerts
    • Manage Sensitivity Labels
  • Access Management
    • Track Microsoft 365 External Users and Their Activities
    • Check Access for Specific Microsoft 365 User
    • Copy User Permissions
    • Delete and Restore Users
    • View Permission Changes in Microsoft 365
    • Supervise Microsoft Teams Private Channels
    • Manage Private Channels Access
    • Complete Power Platform Actions
  • Integrations
    • Overview
    • Syskit Point API
    • Webhooks
    • Examples
      • Webhooks
      • ServiceNow
      • Jira
  • FAQ
    • Security
    • Security Self Assessment Questionnaire
    • Storage Management
    • Free Trial
    • Licensing
    • Activation
    • Purchasing and Discounts
    • Customer Terms
    • Privacy and Compliance
    • Partner Program
    • Site Storage Limits
    • Orphaned Users
    • Inactive Users Detection
    • Provisioning - Content & Structure
  • Troubleshooting
    • Export Diagnostic Logs
    • Setup Diagnostic Logs Export
    • Analytics and Usage Report Issues
  • Explore Syskit Point for Site Owners/Collaborators
    • Syskit Point for Collaborators
    • Resolve Governance Tasks
      • My Tasks
      • Complete Access Review Tasks
      • Complete Metadata Review Tasks
      • Complete Privacy Review Tasks
      • Complete Sensitivity Review Tasks
      • Resolve Inactive Workspaces Tasks
      • Resolve Lifecycle Management Tasks
      • Resolve Inactive Guest Users Tasks
      • Resolve Minimum Number of Owners Tasks
      • Resolve Maximum Number of Owners Tasks
      • Resolve Orphaned Workspaces Tasks
      • Resolve Tenant Storage Limit Task
    • Manage Access
      • Manage External Sharing
      • Manage Users
    • Manage Workspaces
      • Request New Workspace
      • Request Workspace Access
      • Manage Workspaces
      • Manage Custom Metadata
    • Reporting
      • Syskit Icons Glossary
      • Inventory Reports
      • Schedule Reports
      • Alerts
      • Cleanup & Health Reports
      • External Sharing Reports
      • Access Reports
Powered by GitBook
On this page
  • Prerequisites
  • Detection vs Task Delegation
  • Detection
  • Task Delegation
  • Syskit Point Policies
  • Available Policies
  • Policy Settings
  • Modifying Policy Settings
  • Resolving Policy Tasks

Was this helpful?

  1. Governance & Automation
  2. Policies

Set Up Policies

This article explains how to enable and configure policies in Syskit Point.

PreviousPoliciesNextRules

Last updated 6 months ago

Was this helpful?

Policies are available in the Governance plan and higher tiers. See the for more details.

Prerequisites

To use the advantages of Policies in Syskit Point, you need to:

Additionally, you can also to have policies automatically applied to current and all future workspaces without having to assign them manually.

Please note! Only users assigned the role of Syskit Point Admin can access and configure Settings in Syskit Point.

Detection vs Task Delegation

Detection

Two modes of policy operation for Governance policies are available in Syskit Point: Detection and Task Delegation.

The following are detection-only policies that are applied tenant-wide:

When it comes to detection-only policies, Syskit Point detects a vulnerability in a workspace based on the applied policy.

The purpose of this is to assist Syskit Point admins by reminding them there are potential issues in their Microsoft 365 environment every time they open Syskit Point.

  • When you acquire Syskit Point, default policies are created - Minimum 2 Owners (Default Policy), Maximum 5 Owners (Default Policy), Orphaned Workspaces (Default Policy), Maximum 50 Members (Default Policy) - and applied to all your workspace via a default rule; these policies serve to give you an overview of workspaces that are potentially not configured according to best practices; no need to worry, though - default policies are configured as detection-only policies, meaning that Syskit Point will not create tasks or send emails.

The Workspaces With Shadow Users (Default Policy) is not included in the default rule and, as a result, is not applied to any workspaces.

Task Delegation

Task Delegation can be enabled in policy settings for each policy listed below.

The following policies can be delegated:

When task delegation is enabled, Syskit Point creates tasks and sends emails to users as defined in the policy settings.

Please note! Summarized policy vulnerability emails will be gradually rolled out, beginning with the Point Cloud 2024.2.45 release. After this change, Syskit Point will no longer send individual e-mails for each workspace or user where a policy vulnerability was discovered.

The emails are summarized per policy type:

  • One email shows up to 10 workspaces grouped by governance policies; if there are more workspaces with vulnerabilities, they will not be listed; instead, the total number of such workspaces is given in the email

  • Reminder emails are also grouped - owners, admins, or other users defined as resolvers will get an email listing all workspaces with vulnerabilities where they have a task due in 3 days

  • Emails sent when Syskit Point automatically resolves vulnerabilities with a defined action are also summarized.

  • Access Requests and Access Review policies don't represent vulnerabilities and will not appear on the Security & Compliance dashboard; think of them as automation-only policies.

  • When you acquire Syskit Point, default policies are created with task delegation disabled. Edit the default policies settings to enable task delegation.

Syskit Point Policies

Syskit Point enables creating and using policies that will make sure the following is set correctly and reviewed when needed:

  • Ownership on Microsoft Teams and Microsoft 365 Groups

  • Inactive Guest Users

  • Blocked Users with Assigned Licenses

  • Orphaned Users

  • User's access

  • Tenant-wide Storage Usage

When dealing with policies, you can either:

  • Adjust predefined policies and apply them to your workspaces, or

  • Create new policies from scratch and apply them to your workspaces

  • Set up policy rules to have policies automatically applied to current and new workspaces

For simple use cases where the same policies are applied to all workspaces, you can adjust the predefined policies to speed up the configuration. For a more complex setup, you can create multiple policies of the same policy type and apply them to a subset of your workspaces.

Available Policies

Take a look at the articles below to learn how to set up each governance policy:

By clicking on the names of each policy, you can find an article with information on enabling and managing all mentioned policy types.

Policy Settings

To open the Policies settings screen, navigate to Settings > Governance > Policies.

Here, you can:

  • Create a new policy (1)

  • Manage and apply policies to Microsoft Teams, Microsoft 365 Groups, OneDrive, and sites (2)

  • View all predefined policies by name (3); Syskit Point comes with multiple predefined policies to help you get started

  • View additional information about each policy; the following information is available policy type (4), severity of policy(5), category policy fits under (6), to how many workspaces a policy is applied (7), and whether the policy is automated or not (8)

  • Manage policies (9); Edit and Delete actions are provided for each policy, except for those applied tenant-wide and the default policies used by the default rule

Modifying Policy Settings

When you decide to modify existing governance policies, there is a notification showing what you can expect to occur based on the changes made.

Here is a summary of policy updates and expected results:

  • Modifying detection options for policies are applied within 24 hours. For example, changing the minimum number of required owners would take up to 24 hours to apply.

    • Once changes are made, previously detected vulnerabilities and tasks are examined again and closed if the workspace no longer violates the defined parameters.

    • All workspaces are rechecked; if any vulnerabilities now exist, they are detected, and tasks are created if needed.

  • Turning on the task delegation for the first time results in tasks being created and emails being sent within 24 hours.

  • Modifying the task delegation options, in case the task delegation is already enabled for a policy, results in new options being applied to future vulnerabilities. **Existing tasks stay the same.

Hint! If you want to apply new task delegation options to all tasks, turn off task delegation - which closes all existing tasks - and turn it on again, which creates new tasks with the new settings applied.

  • Turning off the task delegation results in closing previously opened tasks.

    • You will continue to see the detected vulnerabilities on the Security and Compliance checks dashboard even though the related tasks are closed.

Resolving Policy Tasks

For more information on how collaborators can resolve specific policy vulnerabilities, navigate to the articles given below:

Syskit Point does not create tasks or send any emails to workspace owners for policies that are configured to perform as detection-only. However, the vulnerabilities are displayed on the new .

Please note! If a user, security group, or mail-enabled security group is added to the Governance-Excluded Users list, they do not receive any Governance-related tasks or task-related e-mails.

- when enabled and applied to Microsoft Teams and Microsoft 365 Groups, this policy detects whether a team or group has fewer owners than defined in the policy settings

- when enabled and applied to Microsoft Teams and Microsoft 365 Groups, this policy detects if a team or group has more owners than defined in the policy settings

- when enabled and applied to Microsoft Teams and Microsoft 365 Groups, this policy detects teams and groups that have no active owners

- detects when a guest user is inactive for a period of time and helps you remove access in a timely and efficient manner

- detects blocked users in your tenant that still have licenses assigned, which helps you optimize cost

- detects users that are blocked from signing in or deleted but still have access to SharePoint content

- provides end-users with the ability to request access to existing Microsoft Teams & Groups, sites, distribution lists, and security groups in the Microsoft 365 environment; Syskit Point administrators can define workspaces visible to end-users and who is responsible for the approval of access requests

- enables Syskit Point admins to enforce regular Access reviews for workspace owners on their workspaces

- detects when total tenant storage usage exceeds the defined percentage

- detects users that have access to specific content but are not members of the Microsoft 365 Group or Team associated with it

- detects which workspaces have more than the maximum number of members predefined by your organization's policies

pricing page
set up e-mail settings
enable Syskit Point Collaborators role
set up policy rules
Blocked Users with Assigned Licenses (Tenant-Wide)
Orphaned Users (Tenant-Wide)
Workspaces with shadow users
Workspaces with too many members
Security & Compliance dashboard
Inactive Guest Users (Tenant-Wide)
Maximum Number of Owners
Minimum Number of Owners
Orphaned Workspaces
Tenant Storage Limit (Tenant-Wide)
For more details on setting up Governance-Excluded Users, take a look at this article.
Minimum Number of Owners
Maximum Number of Owners
Orphaned Workspaces
Inactive Guest Users
Blocked Users with Assigned Licenses
Orphaned Users
Access Request
Access Review
Tenant Storage Limit
Workspaces with Shadow Users
Workspaces with Too Many Members
For information on how to apply your created policies, take a look at this article.
Resolve Minimum Number of Owners vulnerabilities
Resolve Maximum Number of Owners vulnerabilities
Resolve Orphaned Workspaces vulnerabilities
Resolve Inactive Guest Users vulnerabilities
Resolve Tenant Storage vulnerabilites
Policy Settings