How can I edit an Out-of-the-Box policy?

Unlike Custom policies, Out-of-the-Box policies can be configured but not edited. This means that only certain settings are modifiable. 

To configure an Out-of-the-Box policy, follow the steps presented in the carousel below:

Step 1


  • Go to SETTINGS
  • Click "Playbooks"
  • Click "See details" on the policy you want to edit (Policy Box)
  • Click "Edit"

Step 2

This will take you to the configuration settings specific to the policy, which may include options to enable an approval workflow, perform a specific management action, configure a trigger, and more.

Policy settings

The following settings apply to all Out-of-the-Box policies:

  • Enable policy: this prompts reporting on the number of identified issues (matched items). This setting is enabled by default, but you can disable it if you want to remove the policy from your playbook. However, note that disabling a policy can affect the results of your playbooks and Health Check.

By default, all CoreView's Out-of-the-Box policies are enabled but with workflow disabled and not displayed to operators.  

  • Threshold: this enables you to set what value will flag a policy as "red". For instance, if you have a policy that identifies inactive users with an E5 license, you might choose to flag the policy as "red" when there are 50 inactive licenses.


The following setting applies to all Out-of-the-Box policies:

  • Set as public: this allows you to control whether your delegated operators will have access to a policy. It works in conjunction with permission to access the Playbook dashboard. Once the delegated admin is granted permission to view the Playbook dashboard, they will be able to see all the public policies within that playbook.

Learn how to delegate a policy to an operator.

Remediation settings

These settings vary across different Out-of-the-Box policies:

  • Enable remediation: this executes the associated workflow that resolves the detected issues. You can configure certain aspects, such as setting an automated schedule for the remediation process or triggering it manually. Each Out-of-the-Box policy is configured to initiate either manual or automatic remediation actions.

  • Schedule remediation: you can schedule remediation on a daily, weekly, or monthly basis, and for certain event types, it's possible to schedule the remediation for manual or immediate remediation.

Example: if an admin with a weak password is identified, the remediation action could immediately trigger a password reset workflow. Additionally, some policies may not have automation, but the operator can manually run the remediation when needed. 

Discover the comprehensive list of all editable remediation settings for: