Manage exceptions

  • Last update on October 24th, 2024

What are exceptions?

Exceptions are specific items that should not be counted as anomalies (matched items) and, as a result, are not required to comply with a particular policy. Playbooks allow you to manage exceptions both temporarily and permanently.

For example, suppose you're about to run remediation for all matched items detected by the “Inactive Teams users” policy. However, you find one user who hasn't had any activities in the last 30 days, but it's because they're on parental leave. In this case, there's no reason to remove Teams from this user, so you can set them as an exception. 

When and where you can set exceptions

You can set an exception in two moments:

  1. After the remediation has been enabled: once matched items have been detected, you can set one or more of them as exceptions (see the Set matched items as exceptions section below).
  2. During the attestation process: attestation is an action that involves sending a confirmation request to a manager/stakeholder via email before proceeding with the remediation of a matched item. The recipient can also set the item as an exception.

Learn how to configure attestation.

Evaluate exceptions

 

Matched items and Exceptions icons

 

In the policy box you can see:

  • Matched items: detected items that match the policy criteria and that can be remediated* or set as an exception.
  • Exceptions: how many matched items are already managed as exceptions.

By clicking on the grey icon, you can open a new page (Exception report) where you can see a list of all the exceptions.

Please note that remediation can only be run if the toggle “Enable remediation” is on.

 

Set “Matched items” as exceptions

Matched items are detected items that are not compliant with a particular policy. Those items can be remediated or set as an exception. Let's see how to do it:

Step 1: Select matched items

From the Policy Box, click on the red tag “Matched items”. This will take you to the policy report

Select the “Matched items” icon to go to the policy report

Step 2: Set exceptions

From the policy report, select the items you want to set as an exception, then click “Set as exception” in the bottom-right corner.

Set matched items as exceptions

The selected items will be removed from the “Matched items” list and added to the “Exceptions” list.

Manage an exception

You can manage items marked as exceptions and, if needed, remove them from the exception list. When you do so, the removed item will be shown in the matched items, since it is no longer considered an exception. 

Step 1: Select exceptions

From the Policy Box, click on the gray icon “N. Exceptions”.

Select exception icon

This will take you to the Exceptions report. Here, you can review detailed information about your exceptions, including their creation date, expiration date, renewal history, ownership, and more.

Manage exceptions in the Exceptions report

Step 2: Update exceptions

Exceptions can be updated either in bulk or individually. 

Bulk update:

  1. Select all exceptions you wish to edit.
  2. Click on “Manage exception” at the top of the screen.
  3. A wizard will appear, prompting you to edit policy expiration details and add a note.
  4. Confirm your changes by clicking “Submit”.

Individual update:

  1. Under the “Actions” column, click the ellipses ("") for the specific exception.
  2. Select “Manage exception” from the dropdown menu.

Step 3: Remove exceptions

Exceptions can be removed either in bulk or individually.

Bulk removal:

  1. Select the items you want to remove.
  2. Click on “Remove all exceptions” located in the top-right corner of the window.

Individual removal:

  1. Under the “Actions” column, click the ellipses ("...") for the specific exception.
  2. Choose “Remove exception” from the dropdown menu

When you remove an item as an exception, that item will be shown in the matched items, since it is no longer considered an exception.

 

Manage expired exceptions 

From the Exceptions report, you may notice some exceptions have expired. These can be found under the “Expired exceptions” tab at the top of the screen. Select this tab to manage expired exceptions.

“Expired exceptions” report

Step 1: Review expiration details

In the “Expired exceptions” report, you can review the creation and expiration dates for each expired policy. Additional information includes owners, notes, and other properties available in the main exception report.

Step 2: Resume expired exceptions

Expired exceptions can be renewed either in bulk or individually.

Bulk update:

  1. Select all exceptions you wish to edit.
  2. Click on “Resume exception” at the top of the screen.
  3. A wizard will appear, prompting you to edit policy expiration details and add a note.
  4. Confirm your changes by clicking “Submit”.

Individual update:

  1. Under the “Actions” column, click the ellipses ("") for the specific exception.
  2. Select “Resume exception” from the dropdown menu.

Step 3: Remove expired exceptions

Expired exceptions can be removed either in bulk or individually.

Bulk removal:

  1. Select the items you want to remove.
  2. Click on “Remove all exceptions” located in the top-right corner of the window.

Individual removal:

  1. Under the “Actions” column, click the ellipses ("...") for the specific exception.
  2. Choose “Remove exception” from the dropdown menu.

This report is designed to help you effectively manage and take necessary actions on expired exceptions, ensuring that policy exceptions are current and accurately reflect your organization's compliance needs.