Skip to main content

Policy configuration overview

You have the option of configuring the rules in a default policy or creating a custom policy. When you create a custom policy, it contains the rules from the default policy — to which you can customize to meet the security needs of your organization.

Each policy must have a minimum of two authentication rules at any given time. To delete a custom policy, you must reassign any resources still in that policy to another policy before deletion.


  • Be sure you have enabled at the global level, the multi-factor authentication (MFA) methods you want to make available to your users as part of the login workflow.

    For more information about setting up the global MFA methods, see Global multi-factor authentication (MFA) methods overview.

Next steps

Configure your policy rules like adaptive authentication, blocking rules, and login workflows.