You will find here every month the latest news about IDECSI’s products. Don’t hesitate to connect to access the knowledge base or the feature requests.

4.40 (13/10/2021)

UPDATE - Auto retry for operations

Protection and Audit jobs ran from the “Operations” menu are now automatically retried 3 times every 20 minutes to workaround Microsoft API behavior in case of failure and before giving the “failed” status available to I2A Administrators.

NEW - My Profile Warnings

Any risky configurations or overexposed data are now highlighted within a new section “Warnings” at the beginning of My Profile and in the menu with badges.

Expanding the Warnings section will show related details

This feature is configurable so please contact your Client Success Manager if you wan’t to add it.

NEW - My Profile link

We added a new button into the MyProfile page. It can be used to provide a link to your knowledge base, online help or user guide.

It allows customisation of
– its icon
– its URL target

Please feel free to contact your Client Success team in order to customise this change.

NEW - Azure Information Protection integration

IDECSI’s platform now collects metadata from Microsoft Information Protection in order to display sensitivity “labels” per file. It offers several use cases :

  • Sensitivity information is given to the end user in the context of its usage, which helps to pinpoint faster potentially sensitive and overexposed data.

  • Identify shared sensitive files and their permissions across the whole monitored environment

  • Alert on actions involving sensitive data (new share, new permission, new access, …)
  • Audit and alert on any change made by an admin regarding sensitivity labels thru Microsoft Office 365 Compliance dashboard

Technical view of the configuration object storing labels configuration. The object is permanently audited, any change or tentative of compromise could rise an alert.

  • Audit any user labelling activities onto files

Please feel free to contact your Client Success Team or your Sales Engineer.

UPDATE - Remediation

We are now able to block an Azure Active Directory user account as incident response to an alert (i.e : impossible travel, simultaneous access).

UPDATE - MyProfile SharePoint Sites

SharePoint sites displayed to MyProfile users now integrate “Lists” as part of the SharePoint site hierarchy.

UPDATE - MyProfile - highlight potential risks

Company, Anonymous, Guest links created with OneDrive, Teams or SharePoint as well Exchange’s default permission object, are now highlighted in red.

This feature is customisable to your internal policy (for instance if you consider such case is part of your organisation’s best practices).

Below is a sample of OneDrive and Mailbox view :

Please feel free to reach your Client Success team.

4.27 (11/08/2020)

NEW - Resources' last actions detection

In order to provide security teams additional visibility on the protected resources and their activity, we developed a new section on the Expert platform on which you can monitor the dates of the last activities on the resources.

This feature is particularly interesting if you want to know if there are unused resources among those which are collected by IDECSI.

In order to access the new section, click on the “Monitoring” link on the left as showed in the image; then apply the filters for a more precise research.

Once the research is done, you can also export it to .csv format by clicking on the export button.

NEW – Rule condition for Administrator operations

There are several scenarios for which O365 administrators have to interact with user’s resources, and for security teams it’s sometimes difficult to obtain information about admin’s actions when needed;  so we have improved our capability to detect O365 Administrators operations in order to help you.

You can now decide to be alerted, or flag as safe, some operations made by admins, thanks to a new option added on the “Username” condition when create a policy.

Please feel free to reach out your Client Success Manager if you need help to deploy rules or to update the existing ones.

4.25 (15/07/2020)

NEW - German language available

All the IDECSI products are finally available in german.

By changing the communication language in german, all the IDECSI products (Expert Platform, MyProfile, Alert Answer, …) will be translated, and all the communication support as well.

 

UPDATE – Additional resources protection

We improved our protection system allowing IDECSI administrators to start the protection of the main resources of the Office365 suite.

If you want to start protecting a user’s mailbox, you can select two additional options allowing you to add the OneDrive and AzureAD resources as well.

UPDATE – Minor improvements & bug fix

Thanks to valuable feedback from our customers, a few bugs have been fixed and some visual or performance improvements have been made.

If you want to make suggestions about our product, you can use our Fetaure Requests page here: https://extranet.idecsi.com/feature-requests/

4.24 (09/06/2020)

NEW - Alerts autoclose feature (optional)

In order to improve our customer experience for end users deployments, we now provide to our customers the possibility to close opened alerts after a certain time automatically. So the user is no longer required to answer systematically, as the alerts with no answer will be automatically closed, and users can focus on alerts which require their attention.

This feature is fully configurable, you can either decide to close an alert after one or more reminders are sent for the same alert, or after a defined time-frame.

This option is available on users access and users configuration alerts, not on global configuration alerts and alerts raised from user’s feedback (Invalid state report).

The alerts automatically closed will be considered as valid on the IDECSI platform and the event which have triggered the alert as legitimate.

As the feature is inactive by default, we invite you to contact your Client Success Manager for implementation.

NEW – Tailored learning phase system

Learning phase is one of the key features of the IDECSI platform, as it provides a unique profile for each protected user, based on its accesses and configuration.

So we decided to make this procedure more flexible, allowing you to restart a learning phase for users in an easier and configurable way.

On the user’s Summary page, simply click on the icon as in the image below:

Then select the start date and for how many days you want the data to be considered for the profile creation.

Our engine will analyze the datasets provided for the time-frame, and create the profile accordingly, removing all the obsolete rules, devices and permission for the user, and creating new ones.

If a notification rule has been set up for users to receive a MyProfile email at the end of the learning phase, a notification will be sent at the end of each learning phase. Please contact your Customer Success Manager if you need assistance.

UPDATE – New IP addresses filters in the Collected Data

We really believe that the Data Collected page provides real value to our customers in terms of visibility and forensics on the O365 events, so we are improving this module to make your life as simple as possible.

Two additional filters have been added, allowing you to filter Collected Data by IP address or IP Origin.

4.23 (12/05/2020)

NEW - MyProfile campaigns management

This new feature provide an interface where customers can manage their MyProfile campaigns and set up several parameters for automatic send of MyProfile emails. You can access this from the “Operation” section in your Expert platform.

 

 

We invite you to contact your Client Success Manager for the implementation of your first campaign.

NEW – PowerBI data flow

In order to provide to our customers visibility on alert’s activity on IDECSI, we now provide a data flow, which can be consulted on PowerBI.

For now, we are able to provide information on Users, Alerts and Applications.

For more information, please contact a member of the Client Success team.


UPDATE – Default owner for SharePoint library automatic protection or permanent audit

In a context where SharePoint libraries are automatically protected by IDECSI, you can now define a user by default to which these libraries will be attached to.

The SharePoint libraries can be consulted on the user’s Summary page and MyProfile.

Once attached to the user’s profile, it will be possible to reassign those libraries to other users directly from the Expert platform or MyProfile.

UPDATE – Edit end users general information on MyProfile

End users can now update their general information (email, phone number, timezone, …) directly from their MyProfile.

 

4.22 (14/04/2020)

UPDATE – Configuration Objects collected after alerts are closed

In I2A some types of alerts are related to Configuration Objects. (Inbox Rules, Applications Permissions, Sharing Set, …)

When you close an alert related to one of these objects, they will be automatically collected and updated, providing you the latest version of it instantly, instead of waiting the scheduled daily collection.

Since end-users can access their data through MyProfile, and report an anomaly such as an old delegation, it’s important that their profile is constantly updated, especially if the change is originated by their feedback.

UPDATE – ActiveSync events are excluded for the Geo-localization

Due to the fact that mobile devices are nomads by design and can switch network and localization very quickly and unpredictably, we decided to exclude the logs related to these from the calculations for the Geo-localization.

By doing this, we improved our Geo-localization by focusing on reliable sources of information, increasing the precision of all the rules related to this such as the “Move too Fast” and “Simultaneous“.

UPDATE – MyProfile improvements

This update provides general graphic and wording improvements and more details about the protected resources such as the Owners list of a SharePoint library or more details on each Exchange permission.

 

Customers can now customize colors of MyProfile web page. Check this with your Client Success Manager for more information.

 

If you have suggestions and ideas about MyProfile and IDECSI in general, please submit it to our “Feature Request” page: https://extranet.idecsi.com/feature-requests/

NEW – User feedback for SharePoint Library ownership

It’s very important to have visibility on SharePoint libraries, but it’s very hard to track all the membership and ownership for each library.

End-users can now inform the team in charge to whom belongs the SharePoint Library for which they’ve been assigned as owners, simply by clicking the button “not belong to me” and selecting another person from the list.

 

 

If the owner of the SharePoint Library do not appear in the list, they can still search it in the “Search for another user” section and it will be reported to the people involved.

In case the SharePoint Library is not used anymore, they can report it by clicking the “Delete” button. (It won’t delete the SharePoint Library of course, but just inform the people in charge)

4.21 (10/03/2020)

UPDATE – Folder Visible accesses on Default are masked

When a user accidentally activates the “Folder Visible” option on his mailbox on its Default Permission, it might generate several false positives alerts based on accesses, due to Microsoft activity on the resource. 
 
These are not real accesses, as it’s not possible to access the mailbox only by activating the “Folder Visible” option without assigning a higher permission (author, owner, reader, …); that’s why now IDECSI mask these accesses and will not generate the delegate on the MyProfile page of the user.

NEW – New header in Alert Answer for closed alerts

When a user opens an alert from its SMS/Email link, and this one have been previously closed, it will display with a new green header informing the user that no action is required.

NEW – Search bar for Configuration Objects

Since IDECSI can now collect more configuration objects from different types of resources (Mailbox, OneDrive, Teams, Sharepoint, …) we created a search bar in the Expert Platform for the names of the configuration objects so customers can easily find a specific one without having to filter on the type/name of the resource.

NEW – Permission creation based on configuration objects

In the past, the IDECSI platform used to create Permissions for delegates accessing the protected resources by analyzing the accesses in the last three weeks. So if a legitimate delegate didn’t access during this period, no Permission would have been created. 
 
The system has evolved and now their Permissions are created based on the accesses AND the configuration objects, specifically all the delegates found in the “Mailbox Folder Permission”. 
This will avoid false positives based on the fact that if a legitimate delegate access a protected resource AFTER the creation of the Permissions, this will trigger an alert.

NEW – End User notification for comments and alerts closing

It’s now possible to set up a notification rule pour end-users, allowing them to receive a notification when a new comment on their alert is made, or when an alert has been closed by someone else. (Security Team, assistant, …)
 
Deploying this allows you to create a direct link between end-users and security teams, as they can both receive notification when a new comment is made on an alert.

Please note that this is an optional feature and it won’t be activated by default.

4.20 (04/02/2020)

NEW - Customization of the header on all products

You can now customize the headers of all our products (MyProfile, Alert Answer, Expert platform, OnePage Report) with a logo and a name:

The header can be also customized on all the emails sent by IDECSI.

To deploy these customizations thank you to contact your Client Success Manager.

UPDATE - Automatic import of delegates

Idecsi has deployed the automatic import of delegates (users which do not benefit from continuous protection such as personal assistants and service accounts) in order to strenghten the protection around the protected users by preventing accesses made by compromised delegates accounts.

Now you can set up rules in order to be alerted in the event of a delegate’s connection to a protected resource from unusual countries or unusual protocol. (IMAP/POP/…)

At the end of the learning phase, all the delegates which had accessed to a protected resource during the learning phase will be automatically imported by IDECSI and a profile created for each.

All the delegates will be imported by default in the company OU (root).
In case you prefer that your delegates are imported into a different OU,  you can ask your Client Succes Manager to change it.

NEW - Login attempts from unusual countries on MyProfile

IDECSI is now able to detect when a login to Office 365 fails. If it occurs from an unusual country, it will appear on  MyProfile for the I2A administrators.

However, this information will not appear for the End-Users consulting their MyProfile.

Please note that a country from which we detected a failed login will never be registered as “Usual Country” on the IDECSI platform.

NEW - Alerts for Brute Force attempts

For Office 365 environments, a new alert rule has been deployed on the Global resources which monitor the brute force attacks.

If someone fails accessing its Office 365 account more than one time in a determined period (6 hours by default), IDECSI will alert you instantly.

NEW - Profile creation after end-user's MyProfile validation

At the end of the learning phase, the end-user will receive the link to the MyProfile page.

Once he has confirmed that all the information are correct, the IDECSI platform will automatically update the profile based on all information validated by the user. In case of an anomaly reported by the user, no update will be made for the related information.

The system will automatically create permissions for legitimate delegates, it will register legitimate mobile devices and usual countries.

UPDATE - No alerts sent when a MFP right is downgraded

When a Mailbox Folder Permission right which have been previously assigned is downgraded, IDECSI do no longer send an alert for this type of configuration change.

Ex. VIP 1 previously assigned Owner rights on his calendar for Delegate 1. VIP 1 decides to switch the right level from Owner to Author.

This would usually trigger an alert because of the configuration change, but as the Author right is inferior to the Owner right, it won’t happen.

In terms of security, downgrading a right is rarely dangerous for a protected user.

NEW - Events can be flagged as 'Technical'

To prevent end-users to receive alerts which are non-relevant and for which it would be impossible for them to answer, some of the logs collected by IDECSI are now flagged as “technical“.  (Ex. access made by local admin accounts or by Microsoft service accounts)

4.18.1 (15/11/2019)

NEW - User profile: management of the usual countries

In the “Usual Countries” menu, you have now the possibility to select all the countries and easily remove all of them:

It’s now possible to select a group of countries per continent:

NEW - Collected data: filters

A button now allows you to reset the filters on the screen of the collected data.
A new filter has been added allowing to filter logs from a specific country. The drop-down list appears by clicking “Open Advanced Search”.

NEW - Displaying the instance of the resource and icons

When a resource is displayed, it is now specified the instance of the latter, allowing them to be distinguished. Icons have been added to provide one-click access to the collected data and administration objects of the displayed resource.

NEW - OnePage Report Customization

It is now possible to add a custom logo to OnePage reports.

In order to do this, please provide a logo in png 300px * 100px format to your Idecsi contact.

4.17 (16/09/2019)

NEW - Merge of alerts

Until now, when a new sharing was done on a resource (One Drive, SharePoint, Teams, etc) or a new delegation configured on an email, the I2A platform issued two separate alerts:  

  • An alert for a change of rights or new sharing 
  • An access alert, the first time the beneficiary of the sharing or delegation accessed the resource. 

I2A is now able to merge the two operations in order to avoid issuing the access alert.

NEW - Optimized Application Management in O365

The security team can now configure the creation of an alert as soon as a new application accesses a protected resource (for example LinkedIn that accesses your contacts)

Among the choices of the “Connected user” predicate present, the “an application” option is added. If this option is configured, an alert will be generated in case of access by any third party application to the resources.

UPDATE - Automatic deactivation of the protection of a protected resource

If a mailbox is disabled in Exchange, protection within I2A for the same resource will be disabled automatically, so it’s no longer necessary to wait for the information and manually disable the protection in I2A.

UPDATE - Added country predicate in ``Unusual access`` alert notifications

In email notifications for an “Unusual Access” alert you will now find the country predicate among the available information, allowing you to have an additional element regarding the context of the event that generated the alert.

OTHER - Performance improvements, minor improvements and bug fixes

Improved automatic telephone number retrieval in I2A.

Fixed bug concerning the “Role groups” field when exporting to the “Users” section of I2A.

4.15 (01/07/2019)

NEW - Configuration alert management

In Azure AD, alerts following the addition of applications or the addition of permissions for applications

For Azure AD groups, alerts in the event of addition or modification of permissions for a linked protected resource (eg. adding an owner in Teams)

Alerts following changes in SharePoint and OneDrive sharing policies (eg. allowing anonymous sharing on the tenant)

Alerts following E-Discovery actions via Content-Search

Separation of SharePoint / OneDrive sharing alerts into internal / external subtypes

Taking into account the expiration date of anonymous sharing in SharePoint / OneDrive (if the user closes an alert regards time-limited anonymous sharing, new anonymous sharing after the time limit will be alerted)

Updated text in alerts for protected users

OTHER - Performance improvements, minor improvements and bug fixes

Richer modification and stopping options for learning, protection, Permanent Audit or Audit.

Addition of Azure AD groups and their members to OnePage and Excel audit reports for SharePoint

For SharePoint lists associated with an Azure AD group (via Teams), we will attempt to link the resource to one of the owners of the group

Improvement of the “repeated actions” predicate (eg LoginFailed on Azure AD resource)

Added expiration date for usual countries (as an option).

Back To Top