This policy allows users to access official corporate domains. By deploying the policy with high order of precedence, you ensure that employees can access trusted domains even if they fall under a blocked category like Newly seen domains or Login pages.
The categories included in this policy are not always a security threat, but blocking them can help minimize the risk that your organization is exposed to. For more information, refer to domain categories.
To minimize the risk of shadow ITOpen external link, some organizations choose to limit their users’ access to certain web-based tools and applications. For example, the following policy blocks AI assistants:
To protect against sophisticated phishing attacksOpen external link, you could prevent users from accessing phishing domains that are specifically targeting your organization. The following policy blocks specific keywords associated with an organization or its authentication services (such as okta, 2fa, cloudflare or sso), while still allowing access to official corporate domains.
To safeguard user privacy, some organizations will block tracking domains such as dig.whatsapp.com as well as other tracking domains embedded at the OS level. This policy is implemented by creating a custom blocklist. Refer to this repositoryOpen external link for a list of widespread tracking domains that you can add to your blocklist.
Block specific IP addresses that are known to be malicious or pose a threat to your organization. This policy is usually implemented by creating custom blocklists or by using blocklists provided by threat intelligence partners or regional Computer Emergency and Response Teams (CERTs).
The CIPA Filter is a collection of subcategories that encompass a wide range of topics that could be harmful or inappropriate for minors. It is used as a part of Project Cybersafe Schools to block access to unwanted or harmful online content.
Filter DNS queries to allow only specific users access.
The following example includes two policies. The first policy allows the specified group, while the second policy blocks all other users. To ensure the policies are evaluated properly, place the Allow policy above the Block policy. For more information, refer to the order of precedence.