Harmony Email & Collaboration to automatically block compromised accounts by default

Internal accounts can be compromised in many different ways. Once they are compromised, within a very short period of time they will be used to deepen the attacker’s hold on corporate resources, be it sending phishing emails to the compromised user’s colleagues or access and leak sensitive data out of the organization. To handle these incidents, we recently released the new workflow to automatically block compromised accounts and we are already seeing great results.

Over the last month we worked closely with some of our design partners and monitored customers that have already enabled the workflow, and based on their feedback, we have also released the latest option to granularly decide whether or not to automatically block compromised Microsoft 365 administrators.

And now – the new workflow becomes the default.

For every Avanan portal, the default behavior of the system is now changed:

  1. Compromised accounts will be automatically blocked and all portal admins will be notified.
  2. Microsoft 365 administrators detected as compromised will not be automatically blocked

Suspected compromised accounts will still not be automatically blocked by default, unless you changed the default workflow in your portal.

To change this new behavior, go to Configuration -> Security Engines -> Anomaly Detection -> Configure and select the desired workflows.

Note – this change will take place gradually over the next 10 days.