Modules Overview¶
PolicyClue is organized into modules - self-contained feature sets that can be individually subscribed to.
Available Modules¶
| Module | Current Features | Planned Features |
|---|---|---|
| Awareness | Reusable trainings with decks and quizzes, linkable to multiple policies · Awareness Dashboard with training completion analytics · Quizzes with multiple question types (multiple choice, free text, numeric, exact match) · Configurable training frequency and repetition intervals · Training deferral with desktop notifications · Random deck selection per training · Import from templates · Custom branding (popup styles, company logo) · Multilingual UI (EN, DE, FR, IT) · Available on Browser Extension and Outlook Add-in | Learning paths with progress tracking · Gamification (points, badges, leaderboards) · Microlearning nudges · Role-based content assignment · Compliance calendar with due dates |
| Security | Browser vulnerability exposure scanning against CVE databases · CVSS scoring and severity tracking per vulnerability · Automatic resolution when browsers are updated · Browser-based anti-phishing with configurable enforcement (report, warn, block) · Download guard with blocklist/whitelist mode and four enforcement levels · Predefined download filter templates (Executables, Archives, Documents Only, High Risk) · Full file transfer audit trail (all downloads and uploads logged with metadata) · Vulnerability and phishing dashboards | Shadow IT discovery · Password hygiene · Endpoint risk scoring · Browser hygiene dashboard |
| Phishing | One-click phishing email reporting from Outlook ribbon · Email body and all attachments extracted and stored as alert attachments · Reported emails soft-deleted from user's inbox · Automated sandbox analysis with risk scoring (0–10) · Color-coded risk badges in alert inspector · Attachment download from portal for manual investigation · Webhook forwarding to external SIEM/SOC tools | - |
| Data Loss Prevention | Browser DLP: real-time scanning of form fields, contenteditable elements, and file uploads · Outlook DLP: on-send scanning of email body and attachments with per-recipient domain policy resolution · Teams DLP: server-side monitoring of all channel and chat messages via Microsoft Graph API · Four enforcement modes (report, alert, mask & overridable, block with appeal) · File format extraction (PDF, OOXML, ODF, plain text, sniff mode) · File type detection via extension matching and MIME magic bytes · DLP pattern templates (Financial, PII, IT, Patient Data, File Types) · Pattern exceptions and case-insensitive matching · CSV bulk import of patterns · User overrides with reason selection and block appeals · Session-level alert deduplication · ReDoS protection on pattern validation · DLP inspection dashboard with analytics | SharePoint DLP support · Data classification label compliance |
| Governance | GenAI prompt recording on monitored AI tool pages · File transfer recording (upload/download audit logging) with Data Flows dashboard · Input recording per policy with Governance tab toggle · GenAI Prompts dashboard with KPI cards, charts, and activity table · Auto-enable flows for quick setup | Prompt injection prevention · Sensitive data detection in AI prompts · AI usage policies per user/group · GenAI app monitoring |
| Breach & Attack Simulation | Phishing email simulations (manual + monthly auto mode) with realistic lures, tracking pixel, landing page, and password-safe form capture · Outlook add-in surfaces positive feedback when a simulated email is correctly reported · IoC dropping (EICAR, Mimikatz signatures, PowerShell pattern) via the browser extension to validate AV / EDR / NDR / web-proxy detection · Refresher training auto-assignment on open / click / submit · Phishing-indicator spotgame as an optional pre-training step · Source-mode targeting (all / manual / logs / M365 directory) with CSV bulk-import and replace mode · Phishing Simulations and IoC Droppings dashboards (KPIs, sankey funnels, top failed / reporters, time-to-detect) · Auto-mode cooldown (max 1 simulation per calendar month per user) | Custom IoC files via approved review · Smishing and QR-code phishing tests · A/B template testing · Executive reporting with industry benchmarks · Calendar view of scheduled simulations |
| Insider Risk Management | N/A | User risk scoring · Exfiltration detection · Behavioral baselines · Anomaly alerting |
Platform Support Matrix¶
The following table shows which features are available on each platform.
Awareness Module¶
| Feature | Browser Extension | Outlook Add-in |
|---|---|---|
| Reusable trainings (decks + quizzes) | ✅ | ✅ |
| Website blocking with optional custom block page | ✅ | ✅ |
| Awareness Dashboard | ✅ | ✅ |
| Quizzes (multiple choice, free text, numeric, exact match) | ✅ | ✅ |
| Training delay / deferral | ✅ | ✅ |
| Training frequency intervals | ✅ | ✅ |
| Random deck selection | ✅ | ✅ |
| Import from templates | ✅ | ✅ |
| Custom branding (popup styles, company logo) | ✅ | ✅ |
| Multilingual UI (EN, DE, FR, IT) | ✅ | ✅ |
| Training gate (fallback for restricted pages) | ✅ | - |
| Desktop notifications for delayed training | ✅ | - |
DLP Module¶
| Feature | Browser Extension | Outlook Add-in | Microsoft Teams |
|---|---|---|---|
| Text-based DLP scanning | ✅ Form fields, contenteditable | ✅ Email body | ✅ Channel & chat messages |
| Real-time scanning during input | ✅ Event-driven (focusout, paste, submit) | ✅ Polling (3s interval, 1s debounce) | - Server-side |
| File-based DLP scanning | ✅ File uploads, drag-and-drop | ✅ Email attachments | - |
| PDF text extraction | ✅ | ✅ | - |
| OOXML extraction (.docx, .xlsx, .pptx) | ✅ | ✅ | - |
| ODF extraction (.odt, .ods, .odp) | ✅ | ✅ | - |
| Plain text / sniff mode | ✅ | ✅ | - |
| Enforcement mode 0 - Report (silent) | ✅ | ✅ | ✅ |
| Enforcement mode 1 - Alert (notify user) | ✅ | ✅ | ✅ |
| Enforcement mode 2 - Mask & Overridable | ✅ Text masking with asterisks | ✅ Send blocked, override via task pane | ✅ Policy violation block (best-effort, requires E5) |
| Enforcement mode 3 - Block (appeal only) | ✅ Text masking, no override | ✅ Send blocked, appeal only | ✅ Policy violation block (best-effort, requires E5) |
| User overrides with reason selection | ✅ | ✅ | - |
| Block appeals with justification | ✅ | ✅ | - |
| Pattern exceptions (substring exclusion) | ✅ | ✅ | ✅ |
| Case-insensitive matching | ✅ | ✅ | ✅ |
| Session-level deduplication | ✅ Per page session | ✅ Per compose session | ✅ Per message ID |
| On-send final check | - | ✅ | - |
Security Module¶
| Feature | Browser Extension | Outlook Add-in |
|---|---|---|
| Vulnerability exposure scanning | ✅ Browser CVE detection | - |
| Anti-phishing detection | ✅ Browser-based anti-phishing | ✅ Email HTML analysis |
| Anti-phishing - report only (mode 1) | ✅ | ✅ |
| Anti-phishing - warn & overridable (mode 2) | ✅ | ✅ |
| Anti-phishing - block if certain (mode 3) | ✅ | ✅ |
| Download guard / attachment guard | ✅ File downloads | ✅ Email attachments |
| Download guard - blocklist mode | ✅ | ✅ |
| Download guard - whitelist mode | ✅ | ✅ |
| Download guard - warn enforcement | ✅ | ✅ |
| Download guard - block enforcement | ✅ | ✅ |
| File transfer audit trail | ✅ All downloads logged (security events always; audit logs require Governance) | ✅ All attachments logged |
Governance Module¶
| Feature | Browser Extension | Outlook Add-in | Microsoft Teams |
|---|---|---|---|
| GenAI prompt recording (input recording) | ✅ | - | - |
| File transfer recording (upload/download logging) | ✅ | - | - |
Platform & Deployment¶
| Feature | Browser Extension | Outlook Add-in | Microsoft Teams |
|---|---|---|---|
| Deployment method | Chrome Web Store / managed policy | M365 Admin Center (XML) / Exchange Admin Center (XML) | Azure AD app registration + portal credentials |
| Configuration | Chrome managed storage (GPO/MDM) | Office.js roaming settings | Automatic (all channels & chats monitored) |
| User identification | Chrome profile email | Office.js mailbox user | Graph API message sender |
| Fail-open on error | ✅ | ✅ | ✅ |
| Alert reporting to portal API | ✅ | ✅ | ✅ (server-side) |
| Webhook forwarding | ✅ | ✅ | ✅ |
| Per-domain policy resolution | ✅ Current hostname | ✅ Per recipient domain (To/CC/BCC) | ✅ Per participant domain (channel/chat members) |
| Multi-domain alert attribution | - Single hostname | ✅ Traced to originating domain | - Per channel/chat |
Subscriptions¶
Tenants can subscribe to modules from the Tenant Settings page. Each subscription:
- Supports monthly or yearly billing
- Can apply an optional discount code for reduced pricing or free trials
- Can be cancelled at any time; access remains until the cancellation date
The Awareness module is available at no cost for up to 20 users. Beyond 20 users, a subscription is required.
Discount Codes & Trials¶
Discount codes can reduce the subscription cost. When a discount code includes a trial period, the subscription auto-expires after the specified number of days, giving tenants a risk-free way to evaluate modules.
Feature Gating¶
Each module contains one or more features. Access to a feature requires an active subscription to its parent module (or ≤ 20 users for Awareness). API endpoints that depend on a specific module or feature will return HTTP 403 if the tenant lacks the required subscription.