
Organization Adaptive Policy Configuration

Dashboard Location: Organization > Adaptive Policy

Organization-Wide Adaptive Policy and Dynamic Security Management


Adaptive Policy configuration in Meraki organizations provides administrators with comprehensive dynamic security capabilities, enabling Security Group Tag (SGT) based network segmentation, policy-driven access control, contextual security enforcement, and automated security group assignment. This functionality supports zero-trust network architectures, micro-segmentation strategies, identity-based access control, threat containment, and dynamic policy enforcement based on user identity, device type, location, and behavioral analysis. Adaptive Policy is essential for advanced network security, regulatory compliance, data protection, insider threat mitigation, and maintaining granular security controls across distributed enterprise networks while supporting software-defined perimeter concepts and continuous security assessment.

Diagram
| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| adaptive_policy | Class | [adaptive_policy] | No | |

adaptive_policy (meraki.domains.organizations)

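| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| name | String | min: 1, max: 127 | No | |
| settings_enabled_networks | List | String[min: 1, max: 127] | No | |
| acls | List | [acls] | No | |
| groups | List | [groups] | No | |
| policies | List | [policies] | No | |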

acls (meraki.domains.organizations.adaptive_policy)

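| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| name | String | min: 1, max: 127 | No | |
| description | String | min: 1, max: 1024 | No | |
| rules | List | [rules] | No | |
| ip_version | Choice | any, ipv4, ipv6 | No | |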

groups (meraki.domains.organizations.adaptive_policy)

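| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| name | String | min: 1, max: 127 | No | |
| sgt | Integer | min: 0, max: 65535 | No | |
| description | String | min: 1, max: 1024 | No | |
| policy_objects | List | String[min: 1, max: 127] | No | |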

policies (meraki.domains.organizations.adaptive_policy)

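| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| source_group | Class | [source_group] | No | |
| destination_group | Class | [destination_group] | No | |
| acls | List | String[min: 1, max: 127] | No | |
| last_entry_rule | Choice | allow, default, deny | No | |
| organization_name | String | min: 1, max: 127 | Yes | |
| name | String | min: 1, max: 127 | Yes | |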

rules (meraki.domains.organizations.adaptive_policy.acls)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| policy | Choice | allow, deny | Yes | |
| protocol | Choice | any, icmp, tcp, udp | Yes | |
| log | Boolean | true, false | No | |
| tcp_established | Boolean | true, false | No | |
| source_port | Any | Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3 | | |
| destination_port | Any | Integer[min: 0, max: 65535] or String[matches: `(?:[1-9][0-9]3[1-5][0-9]46[0-4][0-9]3 | | |

source_group (meraki.domains.organizations.adaptive_policy.policies)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| name | String | min: 1, max: 127 | Yes | |
| sgt | Integer | min: 0, max: 65535 | No | |

destination_group (meraki.domains.organizations.adaptive_policy.policies)

| Name | Type | Constraint | Mandatory | Default Value |
| --- | --- | --- | --- | --- |
| name | String | min: 1, max: 127 | Yes | |
| sgt | Integer | min: 0, max: 65535 | No | |

Example-1: The example below demonstrates organization adaptive policy configuration using tested YAML configuration from pipeline fixtures.

```yaml
meraki:
  domains:
    - name: "!env domain"
      administrator:
        name: "!env org_admin"
      organizations:
        - name: "!env org"
          adaptive_policy:
            settings:
              enabled_networks:
                - "!env network_name"
            acls:
              - name: "PERMIT_CORPORATE"
                description: "Internet access only for guests"
                rules:
                  - policy: allow
                    protocol: tcp
                    source_port: "any"
                    destination_port: "80,443"
                  - policy: deny
                    protocol: any
                    source_port: "any"
                    destination_port: "any"
                ip_version: ipv4
              # IoT device communication
              - name: "IOT_DEVICE_ACCESS"
                description: "Limited IoT device communication"
                rules:
                  - policy: allow
                    protocol: tcp
                    source_port: "any"
                    destination_port: "443,8883"
                  - policy: allow
                    protocol: udp
                    source_port: "any"
                    destination_port: "53,123,1883"
                ip_version: ipv4
              # Critical system protection
              - name: "CRITICAL_SYSTEM_PROTECTION"
                description: "Protect critical infrastructure"
                rules:
                  - policy: deny
                    protocol: any
                    source_port: "any"
                    destination_port: "any"
                ip_version: ipv4
            policies:
              - name: Corp Policy
                organization_name: "!env org"
                source_group:
                  name: "CORPORATE_USERS"
                  sgt: 10
                destination_group:
                  name: "GUEST_USERS"
                  sgt: 20
              # Executive to corporate communication
              - name: "Executive to Corporate Policy"
                organization_name: "!env org"
                source_group:
                  name: "EXECUTIVE_USERS"
                  sgt: 5
                destination_group:
                  name: "CORPORATE_USERS"
                  sgt: 10
                acls:
                  - "EXECUTIVE_FULL_ACCESS"
              # Corporate to IoT access
              - name: "Corporate to IoT Policy"
                organization_name: "!env org"
                source_group:
                  name: "CORPORATE_USERS"
                  sgt: 10
                destination_group:
                  name: "IOT_DEVICES"
                  sgt: 30
                acls:
                  - "CORPORATE_STANDARD_ACCESS"
              # Contractor access restrictions
              - name: "Contractor Access Policy"
                organization_name: "!env org"
                source_group:
                  name: "CONTRACTOR_USERS"
                  sgt: 15
                destination_group:
                  name: "CORPORATE_USERS"
                  sgt: 10
                acls:
                  - "CONTRACTOR_LIMITED_ACCESS"
              # Guest isolation policy
              - name: "Guest Isolation Policy"
                organization_name: "!env org"
                source_group:
                  name: "GUEST_USERS"
                  sgt: 20
                destination_group:
                  name: "CORPORATE_USERS"
                  sgt: 10
                acls:
                  - "GUEST_INTERNET_ONLY"
              # Critical infrastructure protection
              - name: "Critical Infrastructure Protection"
                organization_name: "!env org"
                source_group:
                  name: "GUEST_USERS"
                  sgt: 20
                destination_group:
                  name: "CRITICAL_INFRASTRUCTURE"
                  sgt: 40
                acls:
                  - "CRITICAL_SYSTEM_PROTECTION"
```
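
An added example (not part of the original page or the project's code): a small linter that checks an already-parsed `adaptive_policy` mapping against the constraints in the tables above, flagging ACL references that no ACL defines, SGT values that are out of range or collide, and a missing `organization_name`. The function name, the sample data and the rule that one SGT value belongs to exactly one group name are assumptions.

```python
PROTOCOLS = {"any", "icmp", "tcp", "udp"}  # rule protocol choices from the rules table

def lint_adaptive_policy(ap):
    """Return findings for one parsed adaptive_policy mapping.
    Assumption: an SGT value identifies exactly one group name."""
    findings, sgt_of, group_of = [], {}, {}
    def register(group, where):
        name, sgt = group.get("name"), group.get("sgt")
        if sgt is None:
            return
        if isinstance(sgt, bool) or not isinstance(sgt, int) or not 0 <= sgt <= 65535:
            findings.append(f"{where}: sgt {sgt!r} outside 0..65535")
        elif sgt_of.setdefault(name, sgt) != sgt:
            findings.append(f"{where}: {name} sgt {sgt} conflicts with {sgt_of[name]}")
        elif group_of.setdefault(sgt, name) != name:
            findings.append(f"{where}: sgt {sgt} already used by {group_of[sgt]}")
    defined = set()
    for acl in ap.get("acls", []):
        defined.add(acl.get("name"))
        for i, rule in enumerate(acl.get("rules", [])):
            if rule.get("policy") not in ("allow", "deny") or rule.get("protocol") not in PROTOCOLS:
                findings.append(f"acl {acl.get('name')} rule {i}: invalid policy or protocol")
    for group in ap.get("groups", []):
        register(group, f"group {group.get('name')}")
    for pol in ap.get("policies", []):
        where = f"policy {pol.get('name')}"
        if not pol.get("organization_name"):
            findings.append(f"{where}: missing organization_name")
        for side in ("source_group", "destination_group"):
            register(pol.get(side) or {}, where)
        for ref in pol.get("acls", []):
            ref = ref.get("name") if isinstance(ref, dict) else ref  # accept name or mapping
            if ref not in defined:
                findings.append(f"{where}: undefined acl {ref}")
    return findings

# Constructed sample (already-parsed YAML), not taken from a real organization.
SAMPLE = {
    "acls": [{"name": "CRITICAL_SYSTEM_PROTECTION", "rules": [{"policy": "deny", "protocol": "any"}]}],
    "policies": [
        {"name": "Corp Policy", "organization_name": "org",
         "source_group": {"name": "USERS", "sgt": 30},
         "destination_group": {"name": "GUEST_USERS", "sgt": 20}},
        {"name": "Corporate to IoT Policy", "organization_name": "org",
         "source_group": {"name": "CORPORATE_USERS", "sgt": 10},
         "destination_group": {"name": "IOT_DEVICES", "sgt": 30}, "acls": ["CORPORATE_STANDARD_ACCESS"]},
    ],
}
print("\n".join(lint_adaptive_policy(SAMPLE)))
```

Running a check like this in the pipeline before deployment catches a policy that silently points at a missing ACL or reuses another group's tag.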