Scope

The Scope section allows you to limit the policy's scope to specific users or groups, ensuring targeted application of encryption settings and also the default configuration for the encryption settings.

How Scope Works

Data encryption policies supports filtering based on users and user groups. These options provide flexible, granular control over who can use encryption features. The "Include all, except" options are particularly useful for creating broad policies with specific exceptions. Combining user and group options allows for complex, layered access control.

When both user and group options are used, they typically work additively (i.e., a user gets access if they meet either the user or group criteria). These settings determine who sees the encryption options in Gmail's compose window and who receives the default encryption settings. All the users, user groups are auto-populated from your identity provider and can be selected with prefix search capabilities. The different options and the behaviour of each option is as described below:

Filtering by Users

1. Monitor all: Only selected users will have access to encryption options in the Gmail compose window.

2. Monitor specific: Every user in the organization can access encryption options in the Gmail compose window.

3. Monitor all, except (or Exclude users): All users have access to encryption options in the Gmail compose window, except those specifically selected.

Filtering by User Groups

1. Monitor all: Only users in the selected groups will have access to encryption options in the Gmail compose window.

2. Monitor specific: Users in any group within the organization can access encryption options in the Gmail compose window.

3. Monitor all, except (or Exclude groups): Users in all groups have access to encryption options in the Gmail compose window, except those in specifically excluded groups.