标记有风险的用户-什么是“确认受到威胁"?行动 [英] Users flagged for risk - what are the "confirm compromised" actions

问题描述

当您确认其他事件中的妥协时会发生什么-我们遇到了一个用户问题，在任何渗透之前我们都已检测到并缓解了该问题.但是，我想知道附加措施"是什么?被执行?

What happens when you confirm compromise within the additional events - we have had a user issue that we detected and mitigated before any exfiltration. However I wondered what the "additional measures" are performed?

我不希望进一步修改用户帐户，因为我们已经启用了强身份验证等

I don't wish the user account to be further modified as we have now enabled strong authentication etc

推荐答案

您还可以采取其他措施如文档 这里，您可以使用页面中的修复脚本来完全重新保护帐户.该脚本允许执行不同的操作，例如重置用户密码，删除邮箱代表，启用MFA，设置较高的密码复杂性，启用邮箱审核，生成 受影响用户帐户的审核日志等.

You can additionally take the actions as described in the document here and you can use the remediation script from the page to fully re-secure the account. This script permission different actions like reset user's password, remove mailbox delegates, enable MFA, set high password complexity, enable mailbox auditing, producing audit logs etc. for the affected user account.

这篇关于标记有风险的用户-什么是“确认受到威胁"?行动的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！