Desktop · Policy Push

Centralized push of enterprise security policies to all desktop clients. Supported in both SaaS and Private deployment.

Policy Categories

Category	Controls
Login	SSO / email + password strength + max concurrent devices
Data access	Local cache scope + offline access scope
File upload	Type allowlist + per-file size + total quota
Screen watermark	Username / email / timestamp + anti-screenshot
Auto-lock	Idle timeout in N minutes
Download restrictions	Whether to allow exporting conversations / files
Copy/paste restrictions	Restrict copying sensitive conversations

Configuration Flow

Admin console → Desktop · Policy → Edit → Save
        ↓
    Auto-pushed to all online clients
        ↓
    Client enforces at action time (login / cache / file / copy, etc.)
        ↓
    Violations: blocked + written to audit log

When Policies Take Effect

Policy	Effective
Login policy	Next login
Data access	Immediately (cached data is purged per the new policy)
Screen watermark	Immediately
Auto-lock	Immediately
File upload / download	Immediately (already-downloaded files not retroactive)

Difference vs Resource Policy

	Resource policy	Desktop policy
Object	Resources (Agent / KB / Tool)	Device behavior of the desktop client
Scope	Web / API / client	Desktop client only
Example	"Finance can't edit Marketing Agents"	"Disable copy/paste / enable watermark"

A Real Example

Policy: Finance Compliance
- Login: SSO required; email login disabled
- Multi-device: max 2 concurrent
- Screen watermark: username + email + timestamp
- File upload: no zip / exe / files > 100MB
- Copy/paste: external copy disabled
- Auto-lock: 5-minute idle

After push, all clients run under this policy immediately. Violations enter audit events.

Next Steps

Review violations → Audit events
General client settings → Desktop settings