Managing Protection Policies
Protection policies define how Bamboozle SaaS Security handles threats detected in your Microsoft 365 or Google Workspace environment.
Accessing protection policies
- Log in to https://cyberprotect.bamboozle.me.
- Click SaaS Security in the left sidebar.
- Click Policies.
[SCREENSHOT: SaaS Security policies list]
Default policy
A default protection policy is automatically applied when you connect a SaaS source. It provides baseline protection with sensible defaults. You can edit this policy or create additional policies for specific users or groups.
Policy settings
Anti-malware scanning
Controls how files and attachments are scanned for malware:
- Scan all files — every file is scanned regardless of type (recommended)
- Scan specific file types — limit scanning to specific extensions
- Action on detection:
- Block — the file is prevented from being delivered or downloaded
- Quarantine — the file is held for review
- Alert only — the file is delivered but an alert is generated
[SCREENSHOT: Anti-malware scanning settings]
Anti-phishing
Controls how links in emails and documents are evaluated:
- Safe links — links are checked against threat intelligence databases before the user can visit them
- Action on malicious link:
- Block — the link is blocked and the user sees a warning page
- Warn — the user sees a warning but can choose to proceed
- Alert only — the link is accessible but an alert is generated
[SCREENSHOT: Anti-phishing settings with safe links configuration]
Account compromise detection
Monitors sign-in activity for signs of account compromise such as:
- Sign-ins from unusual locations or countries
- Multiple failed login attempts followed by success
- Sign-ins from known malicious IP addresses
- Impossible travel — sign-ins from two locations too far apart to be physically possible
Configure the action when suspicious sign-in activity is detected:
- Alert only — generates an alert for administrator review
- Force MFA — requires the user to complete MFA on next sign-in
- Disable account — disables the account until an administrator reviews it
[SCREENSHOT: Account compromise detection settings]
Sharing policy monitoring
Detects when files or folders are shared in ways that may expose sensitive data:
- External sharing alerts — notifies when a file is shared with anyone outside your organization
- Anonymous link alerts — notifies when a file is shared via an anonymous public link
- Sensitive file sharing — detects when files containing sensitive data types are shared externally
[SCREENSHOT: Sharing policy monitoring settings]
Applying a policy to specific users or groups
By default a policy applies to all users in the connected tenant. To apply a policy to specific users or groups:
- Edit the policy.
- Under Scope, select Specific users or groups.
- Search for and add the users or groups the policy should apply to.
- Click Save.
[SCREENSHOT: Policy scope selection with user/group picker]
Reviewing SaaS Security alerts
All detections appear in the SaaS Security then Alerts section. Each alert shows:
- The type of threat detected
- The affected user and file or email
- The action taken
- A recommended next step
[SCREENSHOT: SaaS Security alerts list]
Click on any alert to see full details and take additional actions such as removing a malicious file, resetting a compromised account's password, or revoking shared links.