You can create rules to control access to specific cloud applications. Cloud apps are organized into categories to facilitate defining rules for similar applications.

Additionally, you can define a daily quota by bandwidth or time. When users browse to these sites after their quota has been reached, the Zscaler service displays a message that explains that the content cannot be viewed because they exceeded their daily quota.

To add a rule, you can go to Policies > Access Control > Internet & SaaS > Policies and choose a category.

See image.

Click on a cloud application category below to learn more about creating rules for the category.

• AI & ML Applications
• Collaboration & Online Meetings
• Consumer
• Custom Applications
• DNS Over HTTPS Services
• File Sharing
• Finance
• Health Care
• Hosting Providers
• Human Resources
• Instant Messaging
• IT Services
• Legal
• Productivity & CRM Tools
• Sales & Marketing
• Social Networking
• Streaming Media
• System & Development
• Webmail

The cloud app control policy rules can also be applied to IoT devices from a location or a sub-location that has the Enforce IoT Policy Control option enabled. You can apply the rules to IoT devices that are identified and classified (e.g., Printers, Sensors, etc.) by the Zscaler AI/ML under the IoT group in the Device Groups criterion.

Zscaler provides the Allow Unauthenticated Traffic for IoT Classifications predefined rules for the preceding cloud application categories. You can enable these rules to temporarily allow unauthenticated traffic that could be blocked by other rules, so that the Zscaler AI/ML can classify devices. These rules are disabled by default and cannot be deleted. You can modify the Rule Order, Rule Status, Rule Label, and Description for these rules and cannot edit other attributes.

For information on the order in which the service enforces all policies, including this policy, see Understanding Policy Enforcement.