Policy threshold

  • Last update on September 30th, 2024

Understanding policy thresholds

Before exploring the Governance Center, it is essential to understand two key concepts: what a policy threshold is and how you can configure it.

What is a policy threshold?

A policy threshold is defined as the maximum number of matched items (policy violations) that a policy can have before it is considered non-compliant. In simpler terms, it's the limit on how many violations you can have before a policy is breached. For out-of-the-box policies, this limit is set to zero by default. This means if any violations are detected (i.e., the number of matched items is greater than zero), the policy is automatically marked as non-compliant.

Configuring the threshold

Configuring a threshold is a straightforward process. For out-of-the-box policies, a threshold is mandatory and preset to zero, but you can adjust it based on your requirements. For custom policies, setting a threshold is optional. You can specify or alter a policy's threshold through the “Edit policy” panel. 

The Edit panel of an out-of-the-box CoreView policy

Threshold and policy severity

A policy's severity level affects the warning you receive when the policy becomes non-compliant with its threshold.

What are severity levels?

Severity levels categorize policies based on risk:

  • Critical: indicates a high risk that demands immediate action.
  • Warning: represents a moderate risk that should be addressed promptly.
  • Informational: used for reporting purposes, indicating no immediate risk. 

These categories (Critical, Warning, and Informational) help prioritize responses to policy breaches.

Predefined and custom policy severity levels

Out-of-the-box policies come with a predefined severity level. For custom policies, however, you have the flexibility to set the severity level. This allows you to decide the importance of a threshold violation and the warnings it triggers.

Custom policies created before the introduction of severity levels on October 1st, 2024, are automatically assigned the Warning severity level. We recommend reviewing and adjusting this setting as soon as feasible so that it accurately reflects the risk level.

Why are thresholds important?

Understanding and configuring policy thresholds is a fundamental aspect of managing compliance within the Governance Center. By setting appropriate thresholds and severity levels, you can ensure that you're adequately notified of policy violations, allowing for timely and effective responses.