The Umbrella Documentation Hub

Welcome to the Umbrella documentation hub. Here you'll find access to all of our Cisco Umbrella user guides.

Get Started    

3. Configure Policies

Once verifying that all Active Directory (AD) components were integrated successfully, define and apply security and acceptable use policies to AD Groups.

  1. Navigate to Policies > Management > All Policies and click Add or click the name of an existing policy.
  1. Check the AD Groups box if you want to apply a single policy for all AD users and/or computers, or check the box next to one or more specific groups. To remove a selected group, uncheck its box.
  1. Click Next.


Clicking a group will show its members including nested groups, user accounts or computer accounts. Selecting the group will apply the policy to all its members. You can select only a nested group, but not an individual user or computer account. As a best practice, centrally manage your group memberships through AD. Any changes will be synced with Umbrella within a few minutes.

  1. Select which path you'd like this policy to take. We recommend enforcing security settings at the DNS layer, limiting content settings and applying destinations lists for your identity or identities.
  2. Complete the wizard, applying settings that meet your organization's needs.
  3. In the final step of the policy wizard, give your policy a meaningful name, review settings, and click Save.
    Note: The policy you created will be applied within 60-90 seconds to any new connections coming into Umbrella through the VAs.

Policy execution follows a top-down, first-match order of operations. The first policy assigned to an identity is enforced. Any subsequent policies assigned to the same identity are ignored. There is an editable, but immutable, Default policy (always ordered last), which is a catchall for any identity. For more information, see Policy Precedence.

2. Connect Active Directory to Umbrella < 3. Configure Policies > 4. Route DNS Traffic

Updated 10 months ago

3. Configure Policies

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.