Skip to content

Organization Adaptive Policy Configuration

Dashboard Location: Organization > Adaptive Policy

Organization-Wide Adaptive Policy and Dynamic Security Management

Section titled “Organization-Wide Adaptive Policy and Dynamic Security Management”

Adaptive Policy configuration in Meraki organizations provides administrators with comprehensive dynamic security capabilities, enabling Security Group Tag (SGT) based network segmentation, policy-driven access control, contextual security enforcement, and automated security group assignment. This functionality supports zero-trust network architectures, micro-segmentation strategies, identity-based access control, threat containment, and dynamic policy enforcement based on user identity, device type, location, and behavioral analysis. Adaptive Policy is essential for advanced network security, regulatory compliance, data protection, insider threat mitigation, and maintaining granular security controls across distributed enterprise networks while supporting software-defined perimeter concepts and continuous security assessment.

Diagram
NameTypeConstraintMandatoryDefault Value
adaptive_policyClass[adaptive_policy]No

adaptive_policy (meraki.domains.organizations)

Section titled “adaptive_policy (meraki.domains.organizations)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
settings_enabled_networksListString[min: 1, max: 127]No
aclsList[acls]No
groupsList[groups]No
policiesList[policies]No

acls (meraki.domains.organizations.adaptive_policy)

Section titled “acls (meraki.domains.organizations.adaptive_policy)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
descriptionStringmin: 1, max: 1024No
rulesList[rules]No
ip_versionChoiceany, ipv4, ipv6No

groups (meraki.domains.organizations.adaptive_policy)

Section titled “groups (meraki.domains.organizations.adaptive_policy)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127No
sgtIntegermin: 0, max: 65535No
descriptionStringmin: 1, max: 1024No
policy_objectsListString[min: 1, max: 127]No

policies (meraki.domains.organizations.adaptive_policy)

Section titled “policies (meraki.domains.organizations.adaptive_policy)”
NameTypeConstraintMandatoryDefault Value
source_groupClass[source_group]No
destination_groupClass[destination_group]No
aclsListString[min: 1, max: 127]No
last_entry_ruleChoiceallow, default, denyNo
organization_nameStringmin: 1, max: 127Yes
nameStringmin: 1, max: 127Yes

rules (meraki.domains.organizations.adaptive_policy.acls)

Section titled “rules (meraki.domains.organizations.adaptive_policy.acls)”
NameTypeConstraintMandatoryDefault Value
policyChoiceallow, denyYes
protocolChoiceany, icmp, tcp, udpYes
logBooleantrue, falseNo
tcp_establishedBooleantrue, falseNo
source_portAnyInteger[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3
destination_portAnyInteger[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3

source_group (meraki.domains.organizations.adaptive_policy.policies)

Section titled “source_group (meraki.domains.organizations.adaptive_policy.policies)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127Yes
sgtIntegermin: 0, max: 65535No

destination_group (meraki.domains.organizations.adaptive_policy.policies)

Section titled “destination_group (meraki.domains.organizations.adaptive_policy.policies)”
NameTypeConstraintMandatoryDefault Value
nameStringmin: 1, max: 127Yes
sgtIntegermin: 0, max: 65535No

Example-1: The example below demonstrates organization adaptive policy configuration using tested YAML configuration from pipeline fixtures.

meraki:
domains:
- name: !env domain
administrator:
name: !env org_admin
organizations:
- name: !env org
adaptive_policy:
settings_enabled_networks:
- !env network_name
policies:
- name: Corp Policy
organization_name: !env org
source_group:
name: USERS
sgt: 30
destination_group:
name: IOT
sgt: 40
acls:
- Permit Corp
- Deny Corp
last_entry_rule: allow
groups:
- name: USERS
sgt: 30
description: Corporate Users
# policy_objects:
# - Corp Policy
- name: IOT
sgt: 40
description: Corporate IOT Devices
# policy_objects:
# - Corp Policy
acls:
- name: Permit Corp
description: Permit Example
rules:
- policy: allow
protocol: tcp
source_port: 4000
destination_port: 6000
ip_version: ipv4
- name: Deny Corp
description: Deny Example
rules:
- policy: deny
protocol: tcp
source_port: 4001
destination_port: 6001
ip_version: ipv4