SaaS Policy Recommendations work with next-generation firewalls that have a SaaS Security Inline subscription. SaaS Security Inline provides SaaS visibility and security controls that prevent data security risks of unsanctioned SaaS app traffic traversing your network. For certain applications, SaaS Security Inline administrators can now submit policy rule recommendations for individual application tenants. For example, a SaaS Security Inline administrator might create a policy rule recommendation to block downloads from Box for one tenant only.

The tenant-level policy recommendations are shown along with the application-level policy recommendations on the DevicePolicyRecommendationSaaS page for firewall. A tenant-level policy recommendation defines a number of custom apps collected into an application group. Each custom app can identify up to 10 tenants and one action to block.