# User Policies

**User Policies** define how user activities are monitored, governed, and controlled within the organisation. User policies help organisations to monitor and prevent risky actions such as accessing restricted applications, transferring sensitive data, or using unauthorised devices. Policies also help protect sensitive data across applications, websites, devices, and other system activities.

By creating user policies, an organisation can enforce governance, security controls, and monitoring according to organisational requirements across multiple areas:

* **Monitor user activity:** Track how users interact with applications, websites, networks, and files.
* **Restrict risky behaviour:** Block access to unauthorised applications, websites, or devices.
* **Protect sensitive data:** Detect and control how sensitive information is shared across different channels, such as email, uploads, printing, or keystrokes.
* **Enforce consistent rules:** Apply the same security configuration to multiple users through a single policy.

## Add a User Policy

1. Navigate to ***INSIGHT > User Policies***.
2. Click **New User Policy.**
3. **Policy Info**:
   1. In **Import Settings**, select an existing policy if you want to import its settings.
   2. Enter the **policy name**.
   3. Enter a **description** for the policy. The description must be at least 10 characters long.
   4. Select **Set as default policy (Only one default policy is allowed)** if you want to set this policy as the default. \
      The **Default Policy** is automatically applied to all newly created users or users who are not assigned to any user policy.
   5. Click **Continue**.<br>

      <figure><img src="/files/etaqkNrCdNailUsj03r6" alt=""><figcaption></figcaption></figure>
4. In **Environment Setting**, configure how user activities are monitored and controlled across applications, websites, devices, and network connections. These settings help administrators enforce acceptable usage policies, detect risky behaviour, and prevent unauthorised actions that could expose sensitive data.\ <img src="/files/XOrRAhhjO0pVSqLPz6z2" alt="" data-size="original">
   1. **Application Usage**: Enable **Application Usage** to monitor the applications used by users.<br>

      You can also configure application restrictions by enabling:

      1. **Block Application:** Enable **Block Application** to block specific applications from being accessed. You can restrict access to specific applications that are not approved for use within the organisation. \
         Blocking applications can help prevent data leakage, reduce security risks from untrusted software, and enforce organisational security policies.

         For example, you can block file sharing tools, unauthorised cloud storage applications, remote access tools, and peer-to-peer applications.<br>

         To view or configure blocked applications:

         1. In **Blocked Applications**, click **Detail**.<br>

            <figure><img src="/files/8Ios6FiLDFvgwyaRn7Is" alt=""><figcaption></figcaption></figure>
         2. Search for the application that you want to block for users, select it, and click **Confirm**.\
            ![](/files/Vtvi0w9cvG9VFSrgwnRg)
         3. If you do not find the application you are looking for, enter the application's name and click **Add Application.** We recommend entering the name in uppercase and including the file extension, for example, `WHATSAPP.EXE`.
         4. After the application is added, select it and click **Confirm**.
   2. **Website Usage**: Enable **Website Usage** to monitor websites accessed by users.

      You can also configure website restrictions by enabling:

      1. **Block Website:** Enable **Block Website** to block users from accessing specific websites that may pose security risks or violate organisational policies. This can help reduce exposure to malicious websites, prevent access to unauthorised services, and support compliance requirements.\
         For example, you can block file-sharing websites, unauthorised cloud storage platforms, high-risk domains, and non-work-related websites.\
         To view or configure blocked websites:
         1. In **Blocked Websites**, click **Detail**.<br>

            <figure><img src="/files/HEOh8kP4ejzFdDl3jHne" alt=""><figcaption></figcaption></figure>
         2. Search for the website, select it, and click **Confirm**.\
            ![](/files/tNsq0LpRrrtlIWi6Jtvv)
         3. If you do not find the website you are looking for, enter the website's URL and click **Add Website.**
         4. After the website is added, select it and click **Confirm**.
   3. **USB/Storage Device Control:** This setting controls how removable storage devices, such as USB drives and external storage media, are monitored on users' devices. It helps prevent sensitive data from being copied or transferred outside the organisation.
      1. **Off:** No monitoring or restrictions are applied.
      2. **Block:** Prevents users from transferring any files to the USB or other storage devices.
      3. **Monitor:** Monitors the files being transferred to USB or other storage devices, including detecting transferred files, identifying sensitive content, monitoring device insertion, and tracking changes made to files on the USB.
   4. **Archive Files:** Enable **Archive Files** to monitor compressed or archived files such as ZIP or RAR files. Archive monitoring helps detect attempts to conceal sensitive data within compressed files before transferring or sharing them.
      1. **Password-Protected Archives:** Enable **Password-Protected Archives** to monitor archive files that are protected with passwords. INSIGHT cannot read the content or access files inside the password-protected archives, but it can monitor the movement of such archives.
      2. **Password-Protected Document:** Enable **Password-Protected Document** to monitor documents that are protected with passwords. INSIGHT cannot read the content inside the password-protected documents, but it can monitor the movement of such documents.
   5. **Network Access & Connectivity**: Enable **Network Access & Connectivity** to monitor user activities related to network connections and data transfers over the network. When enabled, INSIGHT monitors how users access network resources and interact with external or internal networks.

      INSIGHT tracks activities such as:

      * **Connecting to external networks:** For example, when a user connects their device to a new Wi-Fi network, such as a public hotspot or an unsecured network.
      * **Accessing internal network resources:** For example, when users access shared drives, internal servers, or company network services.
      * **Establishing remote connections:** For example, when users connect to remote systems using tools such as VPN, Remote Desktop, or SSH.
      * **Connecting to unknown or suspicious IP addresses:** For example, connections made to unfamiliar external IP addresses or domains.
      * **Network file transfers:** For example, when files are uploaded or downloaded over network connections.
      * **Changes in network connectivity:** For example, switching between networks (e.g., from a corporate network to public Wi-Fi).
      * **Accessing cloud services over the network:** For example, connections to cloud storage or web services used to transfer or access files.
   6. **Image & Document OCR**: Enable **Image & Document OCR** to monitor images and documents using Optical Character Recognition (OCR) to detect sensitive information embedded within them. When enabled, INSIGHT can analyse images and documents to detect sensitive information that may not be visible through standard text-based inspection. \
      By using OCR, INSIGHT extracts text from images and documents to identify whether they contain sensitive data such as personal information, financial details, identification numbers, or other protected information.
   7. **Display Icon in System Tray**: Enable **Display Icon in System Tray** to display the **INSIGHT agent icon** in the user’s system tray. This allows users to see that their activities on the device are being monitored.
   8. **Classify Office Documents**: Enable **Classify Office Documents** to add GuardWare classification labels in the Microsoft Office Standalone version. Users must apply a classification label before saving Office documents. This helps ensure that sensitive or confidential information is properly identified. Depending on the configured policy, labels can define the sensitivity level of documents and apply visual markings such as headers, footers, or watermarks.
   9. **Classify Emails in Outlook**: Enable **Classify Emails in Outlook** to enforce the classification of emails in Microsoft Outlook. Users must apply a classification label before sending emails, helping ensure that sensitive information is properly categorised and handled according to organisational policies.
5. After enabling the necessary settings, click **Continue**.
6. In **Data Type Selection**, select the types of sensitive data that should be monitored or controlled under the policy. Here, you will see a list of predefined data types that INSIGHT can monitor.\
   \
   You can configure monitoring or enforcement actions for different data types across various activities, such as emails, websites, application uploads, keystrokes, and printed files. This allows administrators to enforce different levels of protection depending on the type of activity and the sensitivity of the data.\
   \
   You can review each data type and configure how it should be handled within the policy. Use the search and filter options at the top of the table to quickly locate specific data types.\
   \
   The table lists all available data types along with their configuration details.

   <table data-header-hidden><thead><tr><th width="211.20001220703125">Column</th><th>Description</th></tr></thead><tbody><tr><td><strong>Column</strong></td><td><strong>Description</strong></td></tr><tr><td><strong>ALL DATA TYPES</strong></td><td>Displays the name of the sensitive data type being monitored.</td></tr><tr><td><strong>NATURE</strong></td><td>Indicates the detection method used to identify the data type.</td></tr><tr><td><strong>CONTROL MODE</strong></td><td>Defines how the system handles the detected data.</td></tr><tr><td><strong>ASSIGNED POLICIES</strong></td><td>Shows the policies currently associated with the data type.</td></tr><tr><td><strong>EMAIL BODY</strong></td><td>Monitors sensitive data within the content of emails.</td></tr><tr><td><strong>EMAIL ATTACHMENT</strong></td><td>Monitors attachments sent through email.</td></tr><tr><td><strong>WEBSITE UPLOAD</strong></td><td>Monitors sensitive data uploaded to websites.</td></tr><tr><td><strong>APPLICATION UPLOAD</strong></td><td>Monitors files uploaded through applications.</td></tr><tr><td><strong>PRINTED FILES</strong></td><td>Monitors sensitive data in files being printed.</td></tr><tr><td><strong>KEYSTROKE</strong></td><td>Monitors typed data that may contain sensitive information.</td></tr><tr><td><strong>WEBSITE TEXTS</strong></td><td>Monitors sensitive data entered into website forms.</td></tr><tr><td><strong>STORAGE MEDIA</strong></td><td>Monitors sensitive data transferred to storage media.</td></tr><tr><td><strong>DOCUMENT ACCESS</strong></td><td>Monitors sensitive data in document access.</td></tr></tbody></table>

   \
   To configure a data type:

   1. Click the **Edit** icon on a data type. If you want to configure multiple data types at once, select the data types you want to configure and click **Apply Bulk**.<br>

      <figure><img src="/files/ooSW9yKKYpOLQ3KHKyOM" alt=""><figcaption></figcaption></figure>
   2. Select the activities where these data types should be monitored.\
      ![](/files/KBAxLS00NOKMsnnoUXaR)
   3. Select the action mode:
      1. **Off**: No monitoring or enforcement is applied for the selected data type.
      2. **Block**: INSIGHT blocks any activities that are selected when the specified data type is detected.
      3. **Monitor**: INSIGHT monitors the data type in the selected activities and records related activities.
      4. **Warn**: INSIGHT alerts the user when the specified data type is detected in the selected activities.<br>

         <table><thead><tr><th width="126.20001220703125">Activities</th><th width="171">Block</th><th width="183.4000244140625">Monitor</th><th>Warn</th></tr></thead><tbody><tr><td><strong>Email Body</strong></td><td>Blocks the email from being sent if the specified data type is detected in the email body.</td><td>Monitors the email content and records activities when the specified data type is detected in the email body.</td><td>Displays a warning and records activities when the specified data type is detected in the email body, but allows the email to be sent.</td></tr><tr><td><strong>File Upload to Application</strong></td><td>Blocks users from uploading a file to an application if the specified data type is detected in the file.</td><td>Monitors file uploads and records activities when the specified data type is detected.</td><td>Displays a warning and records activities when the specified data type is detected while uploading a file to an application, but allows the upload.</td></tr><tr><td><strong>Printing of Files</strong></td><td>Monitors print activity and records details when the specified data type is detected, but does not block any activities.</td><td>Monitors print activity and records details when the specified data type is detected.</td><td>Displays a warning and records activities when the specified data type is detected in the file being printed, but allows printing.</td></tr><tr><td><strong>File Uploaded to Website</strong></td><td>Blocks file uploads to websites if the specified data type is detected in the file.</td><td>Monitors file uploads to websites and records activities when the specified data type is detected.</td><td>Displays a warning and records activities when the specified data type is detected in the file being uploaded to a website, but allows the upload.</td></tr><tr><td><strong>Keystroke</strong></td><td>Monitors and records keystrokes when the specified data type is entered, but does not block any activities.</td><td>Monitors and records keystrokes when the specified data type is entered.</td><td>Displays a warning and records activities when the specified data type is entered, but allows users to send the content.</td></tr><tr><td><strong>Website Posts (Texts)</strong></td><td>Blocks text from being posted to the website if the specified data type is detected in the text.</td><td>Monitors posted text and records activities when the specified data type is detected.</td><td>Displays a warning and records activities when the specified data type is detected, but allows the post.</td></tr><tr><td><strong>Transfer to Storage Media</strong></td><td>Blocks file transfers to storage media if the specified data type is detected in the file.</td><td>Monitors file transfers to storage media and records activity when the specified data type is detected.</td><td>Displays a warning and records activities when the specified data type is detected in the files being transferred to storage media, but allows the transfer.</td></tr><tr><td><strong>Document Access</strong></td><td>Blocks access to a document if the specified data type is detected in the document.</td><td>Monitors document access and records activity when the specified data type is detected.</td><td>Displays a warning and records activities when the specified data type is detected in a document, but allows access.</td></tr><tr><td><strong>Email Attachments</strong></td><td>Blocks the email from being sent if the specified data type is detected in the email attachment.</td><td>Monitors the email content and records activities when the specified data type is detected in the email attachment.</td><td>Displays a warning and records activities when the specified data type is detected in the email attachment, but allows the email to be sent.</td></tr></tbody></table>
   4. Click **Apply To This Row.** If you want to remove all selections for a data type, click **Clear This Row**.
7. Click **Continue**.
8. Review the configurations and click **Confirm** if everything is correct.\
   ![](/files/6Zl5yJMz20r6Enkm8LXz)

You will see the newly created user policy on the **User Policies** list. Once a policy is created, you can assign it to users, and INSIGHT begins monitoring user activity based on the configured settings.

When a defined condition is met (for example, sensitive data is detected in an application or document), INSIGHT takes the configured action, such as recording the activity, displaying a warning, or blocking the action. This ensures that user activity is continuously monitored and controlled according to organisational security requirements.

## Assign Users to a User Policy

To assign users to a user policy:

1. Navigate to ***INSIGHT > User Policies***.
2. Find the policy where you want to assign users and click **Assign Users** in the **ACTIONS** column.<br>

   <figure><img src="/files/xlipPdwF0DuVVWlMXMMh" alt=""><figcaption></figcaption></figure>
3. Filter the users by selecting the Security Group and Location. You can also search for a user using the search bar.
4. Enable **Assign New Users only** if you want to filter only users who are not assigned to any policy yet.
5. Select the users you want to assign the policy to and click **Assign**. \
   ![](/files/RxGDAfjcWhUmdCK0Sd0j)
6. If the selected users are already assigned to another policy, a confirmation message appears. Click **Yes, Assign** to replace their existing policy with the new policy.

## View User Policy Details

To view the policy details:

1. Navigate to ***INSIGHT > User Policies***.
2. Find the policy you want to view and in the **ACTIONS** column, click the **View** icon.\
   \
   The policy overview page opens, where you can review its configuration, including applied rules, selected activities, and enforcement settings.<br>

   <figure><img src="/files/i2ev0UKDnRYjudWNOvau" alt=""><figcaption></figcaption></figure>

## Edit User Policy

To edit a user policy:

1. Navigate to ***INSIGHT > User Policies***.
2. Find the policy you want to edit and in the **ACTIONS** column, click the **Edit** icon.<br>

   <figure><img src="/files/d5La7hVuA2knglkDTeTY" alt=""><figcaption></figcaption></figure>
3. Edit the details and click **Confirm**.

## Delete User Policy

To delete a user policy:

1. Navigate to ***INSIGHT > User Policies***.
2. Find the policy you want to delete and in the **ACTIONS** column, click the **Delete** icon.<br>

   <figure><img src="/files/eHe4foTNRv8NoL0gt0uc" alt=""><figcaption></figcaption></figure>
3. Click **Yes, delete** in the confirmation alert.

