Understanding policies
All controls within the SurePath AI platform are driven by admin-defined policy. There are two types of policy within the SurePath AI platform: the Default Policy, which applies to all members of a SurePath AI tenant, and Group Policy, which applies to a specific group of users within a SurePath AI tenant.
Combined, these policies allow users to access specific GenAI sites, dictate which sensitive data entities need to be monitored, control which MCP tools are available to GenAI applications, define custom intent topics for monitoring specific types of requests, and determine which private models, data sources, and assistants are available inside the private portal. This article will help administrators understand these policies and how to configure them to enforce their organization's GenAI policy.
SurePath AI policy cheat sheet
Policies are built from most restrictive to least restrictive
Default policies apply to all users within a tenant
Group policies give users additional access to services and resources
Group policies are additive to the default policy
Users can have multiple group policies applied at the same time
Service Block Lists from default and group policies are concatenated together
Blocked services are evaluated before allowed services and override all default service actions
MCP Tool Block Lists and Allow Lists work together with the Allow Read-only setting and Catch-all Action
Intent Topics use vectorized embeddings to match prompt intent, not just keywords
Policy at tenant creation
Without SurePath AI, organizations lack the ability to know how the workforce is using GenAI and what violations of company policy are taking place. For that reason, when a SurePath AI tenant is first deployed, it comes configured in Monitor mode. This allows administrators and security stakeholders to capture usage data and evaluate the risks occurring within the organization.
Workforce interactions with GenAI services are simply monitored and violations are logged without altering the user experience. In this mode of operation, valuable data is generated regarding the use of GenAI within the organization and can be used to help define the first iterations of policy within the SurePath AI tenant. When an organization is ready to apply policy, the Default Public Service Action setting can be toggled from Allow - Monitor to Allow - Protect or to Block at either the default or group policy level, and the defined policy will be applied.
Allow - Monitor
All requests to known services will be allowed, and the Allowed Services list will be ignored. In addition, all Sensitive Data controls and settings will be set to "Monitor".
Allow - Protect
All requests to known services will be allowed, and the Allowed Services list will be ignored. All Sensitive Data controls and settings will be applied.
Block
All requests to known services will be blocked by default, and individual services can be allowed via the Service Access Control setting. The blocking action will be determined by the Service Block Action setting.
Service Block List
In addition to the Default Public Service Action setting, admins can explicitly block specific services using the Service Block List. This feature is available in both the Default Policy and Group Policies, providing granular control over which services are blocked for users.
The Service Block List operates with the following behaviors:
Blocked services are evaluated before allowed services. If a service appears in both the block list and the allowed services list, the block takes precedence and the service will be blocked.
Blocked services override the Allow - Monitor and Allow - Protect default service action settings. Even when the default service action is set to allow access, services in the block list will be blocked.
When a service is blocked, the Service Block Action setting determines what happens (redirect to the Portal, redirect to a custom URL, or show a no-access page).
The Service Block List follows the same additive nature as other policy settings. Block lists from the Default Policy and all assigned Group Policies are concatenated together, meaning a user's final block list includes all blocked services from all policies that apply to them.
This feature allows organizations to maintain a permissive default service action while still preventing access to specific services. For example, admins can set the default service action to Allow - Protect to allow access to most GenAI services while explicitly blocking specific services that are not approved for organizational use.
The policy basics
SurePath AI, like other security products, practices a least privilege approach to the workforce use of GenAI. Because of this, administrators must add access to all resources that SurePath AI protects using the default and group policies. These policies govern the use of both public services and the SurePath AI portal.
Group Policy controls
Group policies can only be used to provide additional access and lessen restrictions on users. This means that users can be members of multiple group policies, each of which can add additional access to the user.
Services
The Services tab controls which public GenAI services users can access and what happens when access to a service is blocked. Admins can build an allowed list of services, block specific services regardless of the default service action, and configure how blocked access attempts are handled.
Service Access Control List
Allows specific public GenAI services like ChatGPT, Claude, or Microsoft Copilot for users in this policy.
Service Block List
Blocks specific services regardless of the default service action setting. Services in the block list are always blocked, even when the default service action is set to Allow - Monitor or Allow - Protect.
Service Block Action
When a user attempts to access a blocked service, the Service Block Action determines what happens next. Admins can choose from three options: display a no-access page that explains to the user they aren't permitted to access the site or service, redirect to the Portal which sends the user to the SurePath AI private GenAI portal where all requests can be sent safely and securely with no risk of sensitive data loss or leakage, or redirect to a custom URL which is a customer-defined URL, usually either an approved GenAI service or the organization's acceptable use policy.
MCP Tools
MCP Tools are discovered by SurePath AI through monitoring MCP usage in AI tools across the workforce. SurePath AI intercepts MCP payloads and removes tools that are either blocked by policy or in violation of capability requirements, such as tools that are not read-only. When a tool violates policy, it is removed from the MCP payload before being sent to the backend service, which means that service will not have access to leverage that tool.
MCP Tool Block List
Explicitly blocks specific MCP tools that have been discovered in the environment. Blocked tools are removed from MCP payloads before they reach backend services.
MCP Tool Allow List
Explicitly allows specific MCP tools that have been discovered in the environment. Allowed tools will always be included in MCP payloads.
Allow Read-only
When enabled, automatically allows all read-only MCP tools without requiring them to be added to the Allow List. This setting streamlines policy management for lower-risk tools.
Catch-all Action
Determines the default action taken for MCP tools that are not explicitly allowed or blocked. This setting provides control over how the system handles tools that fall outside of the defined block and allow lists.
Sensitive Data
The Sensitive Data tab includes Content Controls and PII Detection settings that monitor, redact, or block sensitive information in requests to public GenAI services. For detailed information about Content Controls (High-risk Request, Confidential Data, Programming Language, Harmful Content, Prompt Injection) and PII Detection Settings, refer to the Sensitive Data policy documentation.
Content Controls
Inspect requests for risky patterns such as harmful content, prompt injection, high-risk heuristics, code, and potential confidential data. Available actions include Monitor, Warn, Tag, Mask, Delete, and Block depending on the control type.
PII Detection Settings
Enable or disable detection of personally identifiable information in requests to public services, and choose a global action that applies to all enabled PII entities.
PII Entities
Select specific types of personally identifiable information to detect, such as Phone Number, Credit Card, Email Address, Social Security Number, and others. Entities can be filtered by compliance framework including GDPR, CCPA/CPRA, PCI/DSS, HIPAA, GLBA, and FERPA.
Intents
Intent Topics allow organizations to create custom categories of prompts to monitor or block within their environment. For example, an organization might want to monitor for prompts that involve medical diagnostics or gambling and ensure that those prompts are blocked on organization systems. This capability allows organizations to tailor policy to their specific vertical or business needs.
Creating an Intent Topic requires a list of 50 to 200 sample prompts that represent the category, and generating these samples with GenAI is recommended. The sample prompts are turned into vector embeddings, which allows SurePath AI to quickly match user prompts against the customer-defined intent topics.
Intent Topic Controls
Choose which action is taken when a GenAI request matches a defined intent topic. Actions can include Monitor, Warn, or Block depending on the sensitivity of the topic and organizational requirements.
Portal
The Portal tab controls access to the SurePath AI private GenAI portal and determines which private models, data sources, and assistants are available to users in this policy.
Allow Access to Portal
Once a tenant has enabled a private model, the portal becomes available to all users. This toggle changes the Service Block Action behavior for users in this policy, determining whether blocked service requests can be redirected to the Portal.
Portal Private Model Settings
Choose which private models are available for users in the portal and set the default model that will be selected when a user is redirected to the Portal or accesses it directly.
Data Source Assignment
Select which Data Sources users have access to when making requests in the private portal. Data sources provide additional context and information to private models.
Assistant Assignment
Select which Assistants users have access to within the portal. Assistants are pre-configured AI helpers designed for specific tasks or workflows.
Default Policy
The SurePath AI default policy applies to all users in a SurePath AI tenant. The default policy should be the most restrictive policy granting access to only services or resources that have been approved to the entire organization. Group policies should be used to provide access to services and resources to targeted groups of users.
If the organization has approved all users access to a specific GenAI site, like Microsoft Copilot, then adding it in the Default Policy makes the most sense since all users will gain access to the services and resources from the Default Policy. Another valid configuration would be to allow no access to any services or resources.
Group Policy
Group Policies are used to add or allow additional access to services and/or resources over what is granted via the Default Policy. Group Policies are applied to users by associating a group (either manually created or imported via the Directory Sync feature) to a SurePath AI Group Policy.
Group policies are additive, and a user can have multiple group policies applied at the same time. Group Policies contain all the same settings as the Default Policy, just applied to a more specific set of users.
Sensitive Data settings
Sensitive Data settings are also built from most restrictive to least restrictive. Group Policies are additive: they add access or, in other words, eliminate restrictions. Because of this, if Sensitive Data settings are disabled in the Default Policy, they cannot be enabled or changed in Group Policy, as the Default Policy must be more restrictive than Group Policy.
With Sensitive Data, the most restrictive Sensitive Data settings must be implemented at the Default Policy level and then exceptions can be made within Group Policy to allow or lessen the action regarding the detection of sensitive data.
If there were a group of users that didn't need to be monitored for the use of phone numbers, within the Group Policy, an exception could be made for the PII entity of phone number. However, unless the Default Policy has the sensitive data settings enabled, no change can be made at the Group Policy.
Sensitive Data Settings ranked from most restrictive to least restrictive
Rank | Content Controls | PII Detection |
Most restrictive | Block | Block |
↓ | Warn | Delete |
↓ | Monitor | Mask |
↓ | Ignore | Tag |
↓ | | Synthesize |
↓ | | Warn |
Least restrictive | | Monitor |
Example use cases of SurePath AI policy
Allow the entire company to use Microsoft Copilot and allow a specific group of users to access ChatGPT
Default policy
Add Microsoft Copilot to the Default Policy of the organization.
Group policy
Add ChatGPT to the Group Policy that is assigned to the group of users that require the access.
For the entire organization, delete all PII entities from generative AI prompts to external services with an exception for a specific group of users that only logs the exception but doesn't alter the prompt
Default policy
Enable the desired PII entities in the PII Detection settings and set the Action to Delete
Group policy
Set the PII Detection settings to Log only
NOTE: Since group policies can only allow access or reduce restrictions, in this example, the Block action won't be an option in the group policy settings; only actions that are less restrictive can be selected.
For the entire organization, monitor for the URL PII entity in generative AI prompts to external services with an exception for a specific group of users that doesn't monitor for the URL entity type
Default policy
Enable the URL PII entity
Group policy
Disable the URL PII entity
NOTE: Since group policies can only allow access or reduce restrictions, in this example, PII entities can only be disabled in group policies. PII entities that are not enabled in the Default Policy can not be enabled in a group policy.
Allow all users access to a company-wide data source and the engineering team access to an engineering-specific data source
Default policy
Add the company-wide data source to the Default Policy
Group policy
Add the engineering-specific data source to the engineering Group Policy
Allow access to most GenAI services but block specific unapproved services for the entire organization
This use case demonstrates using the Service Block List to prevent access to specific services while maintaining a permissive default service action.
Default policy
Set the Default Public Service Action to Allow - Protect to allow access to most GenAI services with data protection enabled. Add specific services like DeepSeek, Grammarly, and Grok to the Service Block List to prevent access to these services.
Set the Service Block Action to Redirect to the Portal to guide users to approved alternatives when they attempt to access blocked services.
Result
Users will have access to most GenAI services with data protection applied, but attempts to access DeepSeek, Grammarly, or Grok will be blocked and users will be redirected to the Portal. This approach allows organizations to maintain broad access while preventing use of specific unapproved services.
Block a service for most users but allow access for a specific group
This use case demonstrates how the additive nature of the Service Block List allows admins to block services broadly while making exceptions for specific groups.
Default policy
Add a specific service to the Service Block List to block it for all users by default.
Group policy
For the group that needs access to the blocked service, do not add the service to the Service Block List in the group policy. Instead, add the service to the Allowed Services list.
Result
Most users will have the service blocked, but users in the specific group policy will have access. However, note that since block lists are concatenated, if the service is in the Default Policy block list, it will be blocked for all users regardless of group policy settings. To enable service-level exceptions, admins should use the Block default service action and manage access through the Allowed Services lists instead of the Service Block List.
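The evaluation order behind this result, as an added Python model that is not SurePath AI code: block lists from every applicable policy are merged and checked first, then the default service action, then the merged allowed lists. The `Policy` tuple, `resolve_service`, the `ExampleService` name and the already-resolved `default_action` argument are assumptions made for the illustration.

```python
from typing import NamedTuple

# Default Public Service Action values named on this page.
ALLOW_MONITOR, ALLOW_PROTECT, BLOCK = "Allow - Monitor", "Allow - Protect", "Block"

class Policy(NamedTuple):
    """Constructed stand-in for the Services tab of one Default or Group Policy."""
    name: str
    allowed: frozenset = frozenset()   # Service Access Control List
    blocked: frozenset = frozenset()   # Service Block List

def resolve_service(service, default_action, default_policy, group_policies=()):
    """Return (decision, reason) for one user requesting one known service.

    default_action is the Default Public Service Action already in effect
    for this user; how it is merged across policies is not modelled here.
    """
    policies = [default_policy, *group_policies]
    # Block lists from all applicable policies are concatenated.
    blocked_by = [p.name for p in policies if service in p.blocked]
    # Blocked services are evaluated first and override everything else.
    if blocked_by:
        return "block", "block list: " + ", ".join(blocked_by)
    # The two Allow modes ignore the Allowed Services list entirely.
    if default_action in (ALLOW_MONITOR, ALLOW_PROTECT):
        return "allow", default_action
    # Block mode: allowed lists are additive across default and group policies.
    allowed_by = [p.name for p in policies if service in p.allowed]
    if allowed_by:
        return "allow", "allowed list: " + ", ".join(allowed_by)
    return "block", "default action Block"

# Constructed policies reproducing the use case above.
default_with_blocklist = Policy("default", blocked=frozenset({"ExampleService"}))
default_plain = Policy("default")
engineering = Policy("engineering", allowed=frozenset({"ExampleService"}))

def demo():
    return {
        # Block list in the Default Policy: the group allow entry cannot win.
        "blocklist_exception": resolve_service(
            "ExampleService", ALLOW_PROTECT, default_with_blocklist, [engineering]),
        # Block default action plus a group allow entry: the exception works.
        "allowlist_exception": resolve_service(
            "ExampleService", BLOCK, default_plain, [engineering]),
        # Same tenant, user who is not in the engineering group.
        "no_group": resolve_service("ExampleService", BLOCK, default_plain),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```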
Allow read-only MCP tools while blocking specific risky tools
This use case demonstrates how to leverage MCP tool controls to allow safe read-only operations while preventing potentially risky tool usage.
Default policy
Navigate to the MCP Tools tab in the Default Policy. Enable the Allow Read-only toggle to automatically permit all read-only MCP tools. Add specific high-risk tools to the MCP Tool Block List, such as tools that provide file system access, web scraping capabilities, or external API calls that could exfiltrate data. Set the Catch-all Action to Monitor to observe tools that fall outside of the block and allow lists.
Result
Read-only MCP tools will work automatically without requiring manual approval, reducing administrative overhead while maintaining security. High-risk tools added to the block list will be removed from MCP payloads before reaching backend services, preventing their use. The Monitor action on uncategorized tools provides visibility into tool usage patterns, allowing admins to refine their block and allow lists over time based on actual usage.
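A sketch of the filtering this configuration produces, as an added Python example that is not SurePath AI code. It assumes a tools array shaped like an MCP tools listing, that read-only status comes from the MCP `readOnlyHint` annotation, that the precedence is block list, allow list, Allow Read-only, then Catch-all Action, and that a catch-all value other than Monitor removes the tool; the tool names and the `filter_tools` function are constructed for the illustration.

```python
import json

def filter_tools(payload, block_list, allow_list, allow_read_only, catch_all):
    """Return (filtered_payload, log) for a payload carrying a "tools" array.

    Assumed precedence (not stated on the page): block list, allow list,
    Allow Read-only, then the Catch-all Action.
    """
    kept, log = [], []
    for tool in payload.get("tools", []):
        name = tool.get("name", "")
        # Assumption: read-only status is taken from the MCP tool annotation.
        read_only = (tool.get("annotations") or {}).get("readOnlyHint") is True
        if name in block_list:
            verdict = "removed:block-list"
        elif name in allow_list:
            verdict = "kept:allow-list"
        elif allow_read_only and read_only:
            verdict = "kept:read-only"
        elif catch_all == "monitor":
            verdict = "kept:catch-all-monitor"   # passed through, but logged
        else:
            verdict = "removed:catch-all"        # hypothetical blocking catch-all
        log.append((name, verdict))
        if verdict.startswith("kept"):
            kept.append(tool)
    # Every other field of the payload is forwarded unchanged.
    return {**payload, "tools": kept}, log

# Constructed payload; the tool names are invented for this example.
SAMPLE = json.loads("""{"tools": [
  {"name": "search_docs",  "annotations": {"readOnlyHint": true}},
  {"name": "write_file",   "annotations": {"readOnlyHint": false}},
  {"name": "http_request"},
  {"name": "read_file",    "annotations": {"readOnlyHint": true}},
  {"name": "create_ticket"}
]}""")

def demo():
    # Allow Read-only on, two tools blocked, one allowed, Catch-all = Monitor.
    return filter_tools(SAMPLE, block_list={"write_file", "read_file"},
                        allow_list={"create_ticket"},
                        allow_read_only=True, catch_all="monitor")

if __name__ == "__main__":
    filtered, log = demo()
    for name, verdict in log:
        print(f"{name:14} {verdict}")
```

In this model `read_file` is removed even though it is annotated read-only, because the block list is checked before Allow Read-only, and `http_request` passes through only because the catch-all is Monitor, which is why the log entry for it matters when refining the lists.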
Verifying a user's policy
The policy that is being applied to a user can be verified using the admin interface at https://admin.surepath.ai:
In the CONFIGURE section of the menu, under Users & Groups, select End Users
Search for the user whose policy needs to be examined and click the > icon on the right side of the user row
At the bottom of the fly-out, in the Policies section, all applied policies can be viewed including all the allowed services, blocked services, MCP tool settings, intent topic controls, sensitive data settings, and assigned portal resources.
