The advanced settings page allows you to configure the Admin alerting and Plug-in defaults section.
The admin alert settings are the same for Gmail DLP and Gmail encryption protection. You can refer to the Gmail DLP admin alerting section for details on configuration. Data encryption policies support alerting to Slack, Email and Webhooks.
The Encryption Settings section consists of automated actions. Automated actions are automatically applied on emails before they reach the recipient's email. You must first enable the toggle switch and then select the check box for the required action to be applied in the policy. Nightfall supports the following automated actions.
With this action, recipients cannot forward the email to any other user or user group. Once enabled, the forward button is hidden for senders within Gmail. By default, recipients cannot forward any emails or add additional recipients when replying to emails via the Secure Reader
With this action, the recipients cannot download or copy the contents of attachments included in the email. Attachments with persistent protection enabled can only be accessed via the secure reader.
This action allows you to set an expiration time on the email. With this action, the encrypted email has an expiration time after which the recipients cannot access the email.
The settings configured by the Nightfall admin are applied by default to all the user/user groups who are included in the policy scope. However, in some cases, the default settings configured by Nightfall admin are overridden. The following section describes the scenarios in which each of the encryption settings can be overridden.
While Nightfall administrators set default encryption settings in policies, users have some flexibility to modify these settings when composing emails. Here's how each setting can be overridden:
Users can enable forwarding even if it's disabled by default in the policy.
Users can enable persistent protection on attachments even if it's disabled by default.
Users can enable expiration even if it's disabled by default. If both admin and user set an expiration time, the shorter time period is applied.
Key Points:
User actions in the Gmail compose window can override default policy settings.
This flexibility allows for case-by-case adjustments to encryption settings.
For expiration times, the most restrictive (shortest) time is always used.
This approach balances organizational security policies with user discretion, allowing for adaptability in specific communication scenarios while maintaining overall security standards.