Remediating Compromised Accounts

When Avanan detects compromised Microsoft user accounts (BEC), it allows you to perform actions (Block UserReset PasswordUnblock User, and Reset Password & Unblock) on these accounts from the Avanan portal itself.

Blocking a User Account

To block a user account from the Avanan portal:

  1. Open the User page of the user you need to block.
  2. From the User Meta Data section, click Block User.
    or
    From the Events page, click on the vertical ellipses icon (in the right side of the selected compromised account), and then select Block User.
  3. In the Block User Account pop-up that appears, click OK

Notes:

  • If you are using Azure AD as the SAML/SSO Identity Provider for your corporate assets, the users gets blocked from accessing all the assets including Microsoft
    365.
  • Blocking a user account terminates all the active sessions associated with the account.
  • Blocking a Microsoft user account resets the account password and requires the user to set a new password when unblocking their account
  • Blocking a Google user account will suspend the account. When a user account is suspended:
    • Email, documents, calendars, and other data are not deleted.
    • Shared documents are still accessible to collaborators.
    • New email and calendar invitations are blocked.

Resetting a User Account Password

To reset a user account password from the Avanan portal:

  1. Open the User page of the user you need to reset the password.
  2. From the User Meta Data section, click Reset Password.
    or
    From the Events page, click on the vertical ellipses icon (in the right side of the selected compromised account), and then select Reset Password.
  3. In the Reset User Account Password pop-up that appears, click OK.
    One time password gets generated automatically and the User Account One-Time Password pop-up shows the password for the user account.
  4. Share the one time password with the user.

Notes:

  • Resetting a user account password terminates all the active sessions associated with the account.
  • After logging in with the one time password, the user is prompted to set a new valid password.

Unblocking a Blocked User Account

To unblock a blocked user account from the Avanan portal:

  1. Open the User page of the user you need to unblock.
  2. From the User Meta Data section, click Unblock User.
    or
    From the Events page, click on the vertical ellipses icon (in the right side of the selected compromised account), and then select Unblock User.
  3. In the Unblock User Account pop-up that appears, click OK.
Note - The Unblock User Account option appears only for the blocked Google user accounts. For Microsoft user accounts, you can unblock the user account by using the Reset Password & Unblock User Account option.

Resetting Password and Unblocking a Blocked User Account

To reset the password and unblock a blocked user account from the Avanan portal:

  1. Open the User page of the user you need to unblock.
  2. From the User Meta Data section, click Reset Password & Unblock.
    or
    From the Events page, click on the vertical ellipses icon (in the right side of the selected compromised account), and then select Reset Password & Unblock.
  3. In the Reset Password & Unblock User Account pop-up that appears, click OK.
    One time password gets generated automatically and the User Account One-Time Password pop-up shows the password for the user account.
  4. Share the one time password with the user.
    After logging in with the one time password, the user is prompted to set a new valid password.

Note - The Reset Password & Unblock option appears only for the blocked user accounts.

Monitoring and Auditing Actions on Users

Avanan audits all the user actions and adds them to the System Logs (System Settings > System Logs).

To monitor the action status of Microsoft user accounts, go to System Tasks (System Settings System Tasks).