Automatically Blocking Compromised Accounts – Default Behavior Change
Harmony Email & Collaboration to automatically block compromised accounts by default
Internal accounts can be compromised in many different ways. Once they are compromised, within a very short period of time they will be used to deepen the attacker’s hold on corporate resources, be it sending phishing emails to the compromised user’s colleagues or access and leak sensitive data out of the organization. To handle these incidents, we recently released the new workflow to automatically block compromised accounts and we are already seeing great results. Over the last month we worked closely with some of our design partners and monitored customers that have already enabled the workflow, and based on their feedback, we have also released the latest option to granularly decide whether or not to automatically block compromised Microsoft 365 administrators.
And now – the new workflow becomes the default.
For every Harmony Email & Collaboration portal, the default behavior of the system is now changed:
- Compromised accounts will be automatically blocked and all portal admins will be notified.
- Microsoft 365 administrators detected as compromised will not be automatically blocked
Suspected compromised accounts will still not be automatically blocked by default, unless you changed the default workflow in your portal.
To change this new behavior, go to Config -> Security Engines -> Anomaly Detection -> Configure and select the desired workflows.
Note – this change will take place gradually over the next 10 days.