This guide walks you through enabling a location-based access policy that automatically remediates logins from blacklisted countries.
NOTE: Before setting up, make sure you Blacklist Or Whitelist A Location Or IP.
STEP ONE:
Sign in to your Cloud Access Monitor Instance.
STEP TWO:
Navigate to the Audit & Control Page.
STEP THREE:
Select the "Enabled Policies" button below the desired Cloud Environment.
STEP FOUR:
Select the User Policies tab.
STEP FIVE:
Under the Blacklist Login Policy, look at Remediation. The options are:
None: When a user account is logged in from a blacklisted location, no action will be taken.
Suspend User: When a user account is logged in from a blacklisted country, the account will be suspended.
Send Warning: The User or the Cloud administrator will be notified of the login, and they can verify whether the activity is normal.
STEP SIX:
Now choose when you want the remediation to occur. Above the Blacklist IP addresses Logins dropdown you will see the When dropdown.
Select the time frame you wish to use.
STEP SEVEN:
Finally, choose the On Remediation options.
Notify User: When the remediation action takes place, the user will be notified via email.
Notify Admin: The cloud administrator will be emailed about the policy violation.
STEP EIGHT:
Select the Save button at the bottom of the page.
Setup is now complete.
Blacklisted logins can be filtered even further by login event type. Create a new policy by selecting the Add Policy button at the bottom of the page.
Select the Suspicious Logins checkbox and click inside the Activity Types box.
Here you can select the specific types of suspicious logins you would like to remediate. For more information about the specific types of logins, please see the What Defines A Suspicious Login page.