In what state is the Policy Audit configuration when a new set is created?

When a new Policy Audit configuration is created in the CyberArk Endpoint Privilege Manager (EPM), it starts in a Disabled state. This initial state ensures that the policy does not immediately affect endpoint behavior or user access rights until it has been properly reviewed and intentionally enabled by an administrator. This design helps prevent unintentional disruptions in operations or security issues that could arise from deploying a new policy without thorough examination.

The Disabled state provides administrators the opportunity to verify the policy's settings, make adjustments as needed, and ensure that it aligns with organizational security requirements before activating it. In contrast, the other states imply varying levels of activity, where being Active or Enabled suggests that the policy would actively enforce rules on the endpoints, while Suspended could indicate that the policy has been temporarily halted but is still noted in the system for future activation or review.