Configure your threat prevention policy to determine how threats are reported and remediated.
Requirements
Administrator access to your Jamf Security Cloud portal.
- In Jamf Security Cloud, navigate to Policies > Security > Threat prevention policy.
- Select the organization unit (OU) level at which you wish to apply the policy rules.
Note:
If you only have one OU, configure your policy at root level, so that existing policy rules are inherited from root level to any additional leaf levels you may want to add in the future.
Exceptions and ignored threats are only configurable at the individual leaf OU level.
- (Optional) Expand the Admin summary email notifications section and then click the Alerts field for your threat category to select the frequency for receiving threat summaries via email. The Notification settings dialog is displayed.
- In the Notification settings dialog, perform the following:
  - Select your required notifications from the following:
    - User notifications
    - Admin notifications
  - Select the Notify for every occurrence checkbox next to each required notification.
- For each threat category in the Web threat prevention and Endpoint threat prevention panes, use the Mode switch to select either Active mode, which sends notifications about threat events to admins and users, or Log-only mode, which only logs events in the security event log.
- Adjust the Severity meter to indicate how severe you consider each threat type to be to your organization.
- For each threat category, select the Affects device risk checkbox to indicate whether you want this type of threat to contribute to devices' risk score in the security report. For more information, see Threat Severity and Risk Scores.
- To configure alerts for a threat category, select the alert field and enable either User notifications, Admin notifications, or both.
Note:
If multiple occurrences of a threat are detected, Jamf Security Cloud will only notify on the first occurrence, unless you select Notify for every occurrence.
- If you prefer Jamf Security Cloud to automatically resolve threats upon detection, select the available option in the Auto response column.
- To configure a Signal UEM, see Configuring Signal UEM Using Jamf Security Cloud.
- In the Inheritance column, click Inherit to apply the root-level policy, or update the policy to change the inheritance setting to Override.
- Review your policy settings and click Save.