You will find here every month the latest news about IDECSI’s products. Don’t hesitate to connect to access the knowledge base or the feature requests.
4.64 (23/04/2024)
NEW - MDS Points of attention available for File shares
UPDATE - Devices management improvements
▶️ MDS Modal improvement
The mobile devices and applications modal in the security dashboard has been revamped. We’ve added intuitive icons and revised the text for each device, providing clearer insights into active synchronizations on applications.
▶️ E-mail and Teams Bot notifications change
The new device notifications have been improved so that recipients can understand them more easily.
UPDATE - Expert improvements
▶️ User Lifecycle “test a user” option
▶️ New start date option of available countries
Note that admins will only have to set the days of connection, not the hours.
4.63 (02/04/2024)
NEW - Enhanced user experience with MDS Campaigns
▶️E-mail Notifications
We’ve revamped the email experience with a concise list of attention points inside the email content, along with a new type of reminder based on email opening and MyDataSecurity accesses. We also improved the confirmation email of the profile validation.
▶️Teams Bot Notification
We have implemented a more modern message for the Teams Bot Campaign notification.
UPDATE - MDS improvements and bug fixes
▶️ Improved User Permissions Visibility
▶️ Call-to-Action Remediation Modals Enhancement
We’ve made the call-to-action remediation modals more accessible, by making them lighter with only essential elements for an improved user experience.
▶️ Viva Engage available in MyDataSecurity
In line with recent changes, we’ve updated the name of the feature on our application from “Yammer” to “Engage.”
▶️ Bug fixes
We’ve addressed various bugs related to search files and persistent operations after successful remediations on locations.
UPDATE - Filer improvements
4.62 (27/02/2024)
UPDATE - User search available in MDS
▶️General overview
Following the initial improvement of the search functionality, we have introduced an expanded search capability within MyDataSecurity. Users can now conduct searches not only across documents but also on users with permissions on their managed resources.
▶️Advanced search possibilities
- Upon typing the first three characters, users can search through both documents and users. Search results will now include distinct tabs for “Files” to search among documents and “Users” to search among fellow users.
- When selecting a specific user, a page with a comprehensive list of permissions will be displayed with all group memberships, direct access, and sharing links. Note that permissions inherited from a group or from a parent won’t be displayed.
- Note that search possibilities do not include users or files only visible on read-only Teams / Sharepoint sites.
- We also added a link on permissions details modal to access a user detailed page.
UPDATE - MDS improvements and bug fixes
▶️ General Overview
- Reordering permissions to prioritize attention points related to security risks: Anyone, Any user in the organization, External users, Sensitive items, Deleted users.
- Deleting “Any user in the organization” for calendar sharing permissions will reset the permissions to the configured level (e.g. Free/Busy).
OTHER - Performance, minor improvements and bug fixes
- To streamline alert monitoring, the state filter “pending” has been refined in the Expert mode to target “awaiting change” and “awaiting feedback” statuses. This filter will be available only if the resource service is Premium
- Furthermore, notifications will now be sent to alert the AMT/Security Team when a user reports an anomaly.
- We are now hiding Local Authentication button for users without the proper access rights.
- The hash of the file concerned by a File Malware alert has been added on the alert overview
4.61 (30/01/2024)
NEW - Shared Mailboxes available on MDS
▶️General overview
▶️Mailbox management
UPDATE - Enhanced Navigation for Users with more than 100 resources
For users with more than 100 collaborative resources, we’ve added a light-mode display, presenting the Sharepoint sites list as a table format. This improvement will significantly improve the loading time of the MDS pages.
UPDATE - Header simplification
OTHER - Performance, minor improvements and bug fixes
▶️ Expert Platform Enhancements:
Delete a File Server:
Manage file servers efficiently with a new feature in the Expert platform, allowing the removal of file servers.
Delete a LEM in Monitoring/Machines:
Similar to file servers, efficiently manage machines and Distant LEM with a feature to remove machines.
Improvement of the Premium alert management process:
- To simplify alert follow-up, the state filter “pending” evolves in Expert to target the “awaiting change” and “awaiting feedback” statuses. The pending state will be available only if the resource service is Premium. A notification will be sent to alert the AMT / Security Team that the user has reported an anomaly.
4.60 (13/12/2023)
UPDATE - MyDataSecurity UX Improvements
▶️ Outlook tab
- 2 new attention points have been introduced on the Outlook tab :
- The “send as” permissions set on the user’s mailbox
- Inbox rules with emails deletion set on the user’s mailbox.
In addition, the points of attention for inbox rules are now grouped in the “Sensitive inbox rules” section : you will find here the rules folded by category (Unconditional email deletion, Conditional email deletion, External forwarding)
- For better clarity, the “Folders” tab has been deleted
▶️ Home page : operations history
- Simplification of the operations history display :
Operation History is now consolidated into a single, easily accessible page rather than a specific modal, providing a more user-friendly interface and an easier access to information.
- Users can now track the history of their profile validations. This update allows users to conveniently identify the last time they validated their profile, promoting better profile management and accountability. NB : If the “hide my attention points” is enabled for your tenant, this will also appear in the general history.
▶️ Filers tab
- Users can now browse the members within the groups with granted permissions
To facilitate management of sharing permissions associated with groups, users now have visibility of the group members before removing granted permissions. Users can review the members of the group whose permissions they are about to remove, enabling more informed decision-making and preventing accidental removal of permissions.
NEW - MyDataSecurity : Set a default calendar sharing level for your organization
▶️ General overview
- A new configuration setting is now available : customize default calendar settings permitted by your organization. This feature allows administrators to specify calendar default sharing settings within the organization (e.g. can “view titles and locations”), preventing the triggering of unnecessary attention points. In addition, a user will not be able to decrease the sharing setting below the configured level.
NEW - User lifecycle management
▶️ General overview
In order to keep up to date with our customers user bases, we are bringing improvements to the way IDECSI manages the continuous protection process of resources :
- Any user who doesn’t match the scope of an active automatic protection rule will have his resources unprotected and will be moved to a dedicated IDECSI Org Unit
- As soon as a user’s Entra ID (formerly Azure AD) account is disabled or deleted in the customer tenant, his resources will be unprotected and he will be moved to a dedicated IDECSI Org Unit
No actions are needed from the customers to set up this process. This will be handled by your customer success manager.
UPDATE - Minor improvements and bug fixes
▶️ General overview
- On MyDataSecurity : the “operation in progress” tag displayed after a remediation requested on Outlook will now disappear as soon as the operation is done, following the current workflow of remediation tags for OneDrive, Sharepoint, Teams, Yammer and Filers.
- On MyDataSecurity : Previously masked attention points concerning shared sensitive items will not reappear when a new sensitive item is shared
4.59 (15/11/2023)
UPDATE - MyDataSecurity UX Improvements
▶️ Global overview
- All SharePoint sites and Teams for which a user has owner rights are now displayed in his / her profile. A new “read only” mode allows the user to view the details of the site even if he / she is not the manager
- Chat files and meetings recordings will be moved to OneDrive tab for a better experience. The Outlook attachments will also be added in the OneDrive tab.
- When a user validates his / her profile, the last validation date will be added in the confirmation pop-up.
UPDATE - Expert UX improvements
NEW - Campaigns focused on attention points
▶️ Global overview
- In the expert interface : a new setting allows admins to target only the users with open points of attention on their MyDataSecurity profile
- Note: a user without points of attention at the beginning of the campaign will not be added to the scope if a point of attention is added afterwards
NEW - Fileshare remediation
▶️ Global overview
- In MyDataSecurity : Just like on his mailbox, Teams or Sharepoint sites, a user is able to perform remediation on his fileshare resources to remove some unwanted permissions
- In the Permission Explorer interface : admins are now able to remove permissions given to a group or a user on an item (file / folder / fileshare)
4.58 (09/10/2023)
NEW - New BI datasource and dashboards
▶️ Global overview
New datasets and PowerBI dashboards are available for IDECSI admins, allowing for a better follow up of the deployment on your tenant.
Here are some examples of new data available in the reports :
- Classification for Microsoft 365 Groups and SharePoint sites
- Summary of points of attention for each type and resources
- Summary of end-users activities in their MyDataSecurity profile
- Last data collection date for each resource
- Addition of the parent of the sensitivity labels (if any)
Please contact your customer success manager for further information.
UPDATE - New set of notifications for Teams Bot
▶️ Several UX and functional improvements have been made to the IDECSI Teams Bot
More Teams notifications were added to support other alert types :
- 🆕OneDrive / Teams / Sharepoint – New share with external users
- 🆕OneDrive / Teams / Sharepoint – New anonymous / company share
- 🆕SharePoint / Teams / Microsoft 365 Groups – New users or owners
- 🆕Outlook – New inbox rule creation
- 🆕Outlook – New calendar sharing
- 🆕Outlook – New Mailbox Folder Permissions
- 🆕Outlook – New FullControl / SendAs permission on a mailbox
All the alerts notifications are now also available in the auto-close mode
4.57 (29/08/2023)
NEW - Search bar available on MyDataSecurity
▶️ Function overview
The Search function enables users to quickly find sensitive shared files or a specific file and delete the permissions granted on it.
This search bar replaces the filter bar on user name.
📒Note: The search bar is ONLY available on a desktop. On a mobile, the search function is a filter on a username (old search).
Search bar
The Search bar is always available on the header of the MyDataSecurity application, on all screens (except the support screen).
By default, clicking on the search bar displays quick search links with a predefined list of filters:
- Files shared with anyone with link
- Files shared with the whole company
Clicking one of these links redirects the user to the results page with the filter applied (for example, files with anonymous links).
Results page
Results page table
The result page shows only items with unique permissions, and not those with direct permissions or share links inherited from a folder or document library, as explained in the banner.
Filters
A search function is added at the top of the table, enabling the user to add filters and better find files.
Filters are cumulative, so several filters can be added together.
Detailed file page
Clicking on one of the files from the results page opens a File page (or Folder page).
To remove permission, the user can click on the permission to remove it.
UPDATE - Manager assignment improvement on Expert Platform
By default, only owners will be assigned as manager in IDECSI applications.
- From August, deactivated users or users who lose the ownership of a collaborative resource will be removed from its management
- An option will enable admins in Expert or end-users in MyDataSecurity to manually assign a non-owner user. In this case, the manager will not be removed automatically unless he is deactivated
▶️ Reminder : Automatically reassign a resource if the user loses his / her owner rights
Here is the list of cases in which a user automatically loses the management of a resource:
- As a user, I will lose the management of a resource if I lose the Ownership of the resource (from MS or from MDS removal). A new manager will be assigned with the Auto-import process (take the first owner in the list given from Microsoft)
- As a user, I will lose the management of a resource if my account is deactivated. A new manager will be assigned with the Auto-import process.
- If no Owner exists, no manager will be assigned. Normally this case should not happen, as the last owner cannot be removed.
▶️ New : Manually assign or remove a manager of the resource (owner or user) on Expert platform
As an admin in Expert, I want to manually assign or remove resources to other owners or other users.
Function overview
With release 4.57, we implemented the ability for any customer administrator with access to the Expert application to reassign or remove the manager of a resource.
Where to find it ?
In order to do so, open the resource page whose manager you want to detach, and click on the arrow button next to the owner name:
A new modal appears with the ability to either :
- select a new manager from the list of owners,
- select a new manager from the list of users.
- Remove the current owner
UPDATE - Improvements on some MyDataSecurity features
With this new release, some user-facing improvements have been made:
▶️Removal of the Numbers of owners / admins / external users in My Teams / My Sharepoint
Less information is now displayed under each Teams name: only the privacy label, in grey for a Private group and red for a Public group.
The information is still available after opening the Teams using the chevron button.
▶️ Add “Classic site” label on Sharepoint tab
From your MS Sharepoint web, you can create classic (aka team site) or modern (aka communication site) Sharepoint sites.
This specific label is now displayed under the Sharepoint sites name.
▶️ Configure the request management comment to become optional or mandatory
A new optional configuration is available in the options to force the end-user to write a comment when requesting the management of a resource.
By default the configuration is false (no comment section): please contact our client success teams if you want to implement the new feature.
▶️ Configure the “Who has recently accessed?”
A new configuration is available in the options to hide the block “Who has recently accessed ?” in Outlook, OneDrive, Teams, collaborative resources (Sharepoint, Teams, Yammer) and fileshare.
By default the configuration is true (so the block is available); please contact our client success teams if you want to implement the new feature.
UPDATE : Change in Sharepoint data collection
▶️ Reminder
IDECSI platform collects and protects all the SharePoint document libraries hosting live business content.
As such, any document library or list whose name matches one of the following names will not be taken into account:
- “PreservationHoldLibrary”,
- “SitePages”,
- “SiteAssets”,
- “MaintenanceLogs”,
- “IWConvertedForms”,
- “users”,
- “ProjectPolicyItemList”,
- “wfpub”,
- “ContentTypeSyncLog”,
- “PublishedFeed”,
- “FormServerTemplates”,
- “Style Library”,
- “theme”,
- “masterpage”,
- “threadtacv2_wiki”,
- “thread.tacv2_wiki”,
- “threadskype_wiki”,
- “thread.skype_wiki”,
- “Teams Wiki Data”,
- “Events”
▶️ Update
We now also exclude by default the SharePoint lists from the scope :
- From August 2023, no additional SharePoint lists will be collected and added in our applications
- All existing SharePoint list data will be deleted in 3 months
4.56 (01/08/2023)
NEW - Email Notifications Improvements
▶️ Improvements
- New templates for all emails notifications
- New texts on end-user notifications
- Changes in email customization options
▶️ Template Change
TWO-BUTTON | ONE-BUTTON
▶️ Customization
- Color of the header (no more image for ISR goals)
- Logo (specific size)
- Name of the solutions
- Text of the conclusion (Thank you for your attention, security team)
- Auto-close (default) vs two buttons
- Text of the support
UPDATE - New set of notifications for Teams Bot
▶️ Function Overview
- 🆕 Request Management: a message asking the old manager to hand over management to a new manager (call-to-action button)
- 🆕 Hand Over Management: an informative message to notify the new manager about the new resource under his/her responsibility
▶️ Request Management:
NEW - Sensitivity label attributed to folder
▶️ Function overview
- a grey sensitivity label if the folder contains low-confidentiality files
- a red sensitivity label if the folder contains at least one highly confidential file
▶️ Tooltip added:
NEW - Filer : “change manager” feature available
NEW - Filer admin console in Expert
4.55 (23/05/2023)
NEW - Simplify the display on Sharepoint site
NEW - Private and public channels in MyDataSecurity and Expert
Function overview
Public / Private channel on a Teams site level (as Teams manager)
- a private channel is represented by a padlock
- a public channel is represented by a shared link
- Owners and members of the channel (Shared channel membership)
- Permissions and users on files and folder in the channel library (Who has specific permission to access ?)
- Users who have recently accessed files and folders in the channel library (Who has recently accessed ?)
- end-users can filter group membership by owners, externals and internals
- end-users can filter permission by groups, externals and internals
Public / Private channel as a Channel manager
NEW - New remediation action for Teams channels
New remediation action for Team channels
- Promote a member to owner in Teams
- On a group membership of a Teams, the user can click on a member and then change the membership for each channel (cf first image).
- On a group membership of a Teams channel, the user can click on a member, and a modal allows the end-user to change ownership on all the specific channel (cf second image).
UPGRADE - Improvement of the identification of eligible site managers
Function overview
- Microsoft 365 Group owner
- Teams private or shared channels
- Member of the default site owners group
- Member of a custom site owners group
- Direct owner of the site
Access eligible resources
- the name of the resource
- the name of the site manager (if no user is attached a message “No user is currently assigned to this resource as manager”)
- a “request ownership” button
NEW - New languages available
- Spanish
- Chinese (simplified)
- Korean
- Indonesian
- Italian
- Japanese
- Polish
- Portuguese (Brazil)
- Russian
- Thai
- Turkish
- Ukrainian
Expert – Import (Operations > Import)
Expert – User page
MyDataSecurity – User settings
4.54 (24/01/2023)
NEW - Information banner In MyDataSecurity
- A color: green, orange, red
- An icon from the list of icons available in MyDataSecurity
- A title and a message (in markdown: with formatting, adding link and image possible)
Note 1: banner mechanism will also be used in the future to display personalized messages for users (either manually by the administrators or automatically).
Note 2: As for other customizations, the banner can be scoped on Users, Instances, or Organization Units.
NEW - Display of all sensitivity labels in MyDataSecurity
- Labels considered as “sensitive” will always be displayed in red
- Other labels will be displayed in grey
NEW - Difference between owner and business owner
- (coming soon) Owner of the shared or private channel if applicable
- Microsoft 365 Group Owner if applicable
- SharePoint site owner
- Member of a group with Full Control rights on the SharePoint site
- User with Full Control rights on the SharePoint site
- Site Collection Administrator
NEW - Alert notifications system available as a Teams chat !
UPDATE - Automatic operations : Target collaborative resources
- Users belonging to an automatic operation policy with a high priority level will be evaluated first
- Among these users, potential Business Owners will be prioritized according to their rights level:
- (coming soon) Owner of the shared or private channel if applicable
- Microsoft 365 Group Owner if applicable
- SharePoint site owner
- Member of a group with Full Control rights on the SharePoint site
- User with Full Control rights on the SharePoint site
- Site Collection Administrator
- Among these users, the first user given by the protected collaboration platform will be selected to be Business Owner
4.53 (13/12/2022)
UPDATE - MyDataSecurity UX improvements
- Display of a red dot at the level of the files concerned by a point of attention
- When a user reports an access made from a new country, the country is hidden and the Operation done label no longer appears. The country report is still present in the Operations History.
- Add the date of last access for a country
- The “Operation done” labels no longer appear for countries reported to the security teams
- Merge of the View and Remove tabs in the different modal windows
- Modal windows are now centered at the page level
- When a security group is not yet collected, we now state this instead of writing that it is empty.
NEW - Footer at the bottom of MyDataSecurity
- Image or color for the background
- Between 1 and 5 links
- Each link must meet the different criteria: title with less than 50 characters, url
- An icon can be set for each link from a predefined list. It is possible to add a new icon from the Fontawesome base, but not a customized image. Note that the supported version of Fontawesome is v5.
UPDATE - Change of the behavior of “Validate security profile”
- Title: Hide my points of attention
- Configuration modal: You are about to hide your points of attention. This means that all of the risky items listed below are legitimate (including permissions on your mailbox, sharing links, sharing of sensitive data, and different countries of connection).
- Confirmation button: Confirm
- Confirmation modal: All the points of attention are considered legitimate
UPDATE - Enable to scope a campaign to groups
- Avoid the multiplication of OUs with a very fine mesh to meet the needs of administration, customization of uses, and security policies.
- Grouping of people independently of their belonging to an entity or an IT local (e.g.: France country, all members of the Finance departments).
NEW - I2A: Automatic operation's provisioning report
- Actual Organization Unit Id
- Actual Organization Unit Full Name
- Expected Organization Unit Id
- Expected Organization Unit Full name
- User I2A Id
- User I2A Full name
- UPN
- Display Name
- Provider Instance Id
- Provider Instance Name
- Provider Type
- Resource Name
- Result
- Current Status
- Expected Status
4.52 (15/11/2022)
UPDATE - MyDataSecurity UX improvements
- The number of attention points displayed for each resource is hidden, in preference to a red dot positioned on the resource icon
- The translations have been improved
- The button “Browse all” on the home page was removed, and the browsing per category was improved.
- The operations history was improved.
- A global operations history is now available on the home page.
- The label “Operation done” is progressively removed for the users for which a permission was removed on a specific document
- All resources are now collapsed by default (except if there is only one resource)
NEW - New collector for SharePoint On-premises (permissions scope)
- Expert
- MyDataSecurity
- Permission Explorer
UPDATE - Filter operations
- Environment: Provider Instance (ex: Office 365 – Intranet, Office 365 – Mailbox)
- Operation type: Automatic or Manual
- Identity: Identity used in the operation (ex: user principal name for automatic operations)
- Creation date min
- Creation date max
- Status: Pending, In progress, Partial, Complete, Cancelled, Failed
UPDATE - Collect custom information from Azure AD
It is now possible to collect Directory Attributes, in addition to Extension attributes (1-15) from Azure AD for each user (except Open Extension, Schema Extension, Custom Security Attributes).
Please note: Custom attributes are configurable via a support request only today. Evolution will be planned during the first half of 2023 to propose an interface to define the custom attributes to collect.
For example, the Manager id is now collected from Azure AD users. Also, the “EmployeeType” and “OfficeLocation” fields are collected for all Azure AD tenants and will now be displayed in Permission Explorer.
UPDATE - Enforce the sending of a campaign
UPDATE - Prioritization of the campaigns
UPDATE - Machine status in export
4.40 (13/10/2021)
UPDATE - Auto retry for operations
Protection and Audit jobs run from the “Operations” menu are now automatically retried 3 times every 20 minutes to work around Microsoft API behavior in case of failure, before the “failed” status is shown to I2A Administrators.
NEW - My Profile Warnings
Any risky configurations or overexposed data are now highlighted within a new section “Warnings” at the beginning of My Profile and in the menu with badges.
Expanding the Warnings section will show related details
This feature is configurable, so please contact your Client Success Manager if you want to add it.
NEW - My Profile link
We added a new button into the MyProfile page. It can be used to provide a link to your knowledge base, online help or user guide.
It allows customisation of
– its icon
– its URL target
Please feel free to contact your Client Success team in order to customise this change.
NEW - Azure Information Protection integration
IDECSI’s platform now collects metadata from Microsoft Information Protection in order to display sensitivity “labels” per file. It offers several use cases :
- Sensitivity information is given to the end user in the context of its usage, which helps to pinpoint faster potentially sensitive and overexposed data.
- Identify shared sensitive files and their permissions across the whole monitored environment
- Alert on actions involving sensitive data (new share, new permission, new access, …)
- Audit and alert on any change made by an admin regarding sensitivity labels through the Microsoft Office 365 Compliance dashboard
Technical view of the configuration object storing the labels configuration. The object is permanently audited; any change or attempted compromise can raise an alert.
- Audit any user labelling activities onto files
Please feel free to contact your Client Success Team or your Sales Engineer.
UPDATE - Remediation
We are now able to block an Azure Active Directory user account as an incident response to an alert (i.e. impossible travel, simultaneous access).
UPDATE - MyProfile SharePoint Sites
UPDATE - MyProfile - highlight potential risks
Company, Anonymous and Guest links created with OneDrive, Teams or SharePoint, as well as Exchange’s default permission object, are now highlighted in red.
This feature is customisable to your internal policy (for instance if you consider such case is part of your organisation’s best practices).
Below is a sample of OneDrive and Mailbox view :
Please feel free to reach your Client Success team.
4.27 (11/08/2020)
NEW - Resources' last actions detection
In order to provide security teams additional visibility on the protected resources and their activity, we developed a new section on the Expert platform on which you can monitor the dates of the last activities on the resources.
This feature is particularly interesting if you want to know if there are unused resources among those which are collected by IDECSI.
To access the new section, click on the “Monitoring” link on the left as shown in the image, then apply the filters for a more precise search.
Once the search is done, you can also export it to .csv format by clicking on the export button.
NEW – Rule condition for Administrator operations
There are several scenarios for which O365 administrators have to interact with user’s resources, and for security teams it’s sometimes difficult to obtain information about admin’s actions when needed; so we have improved our capability to detect O365 Administrators operations in order to help you.
You can now decide to be alerted on, or to flag as safe, some operations made by admins, thanks to a new option added on the “Username” condition when creating a policy.
Please feel free to reach out to your Client Success Manager if you need help deploying rules or updating existing ones.
4.25 (15/07/2020)
NEW - German language available
UPDATE – Additional resources protection
UPDATE – Minor improvements & bug fix
Thanks to valuable feedback from our customers, a few bugs have been fixed and some visual or performance improvements have been made.
If you want to make suggestions about our product, you can use our Feature Requests page here: https://extranet.idecsi.com/feature-requests/
4.24 (09/06/2020)
NEW - Alerts autoclose feature (optional)
To improve the customer experience for end-user deployments, we now give our customers the possibility to close open alerts automatically after a certain time. Users are no longer required to answer systematically: alerts with no answer are closed automatically, so users can focus on the alerts which require their attention.
This feature is fully configurable, you can either decide to close an alert after one or more reminders are sent for the same alert, or after a defined time-frame.
This option is available on users access and users configuration alerts, not on global configuration alerts and alerts raised from user’s feedback (Invalid state report).
Alerts that are closed automatically will be considered valid on the IDECSI platform, and the event which triggered the alert will be considered legitimate.
As the feature is inactive by default, we invite you to contact your Client Success Manager for implementation.
NEW – Tailored learning phase system
Learning phase is one of the key features of the IDECSI platform, as it provides a unique profile for each protected user, based on its accesses and configuration.
So we decided to make this procedure more flexible, allowing you to restart a learning phase for users in an easier and configurable way.
On the user’s Summary page, simply click on the icon as in the image below:
Then select the start date and for how many days you want the data to be considered for the profile creation.
Our engine will analyze the datasets provided for the time-frame, and create the profile accordingly, removing all the obsolete rules, devices and permission for the user, and creating new ones.
If a notification rule has been set up for users to receive a MyProfile email at the end of the learning phase, a notification will be sent at the end of each learning phase. Please contact your Customer Success Manager if you need assistance.
UPDATE – New IP addresses filters in the Collected Data
We really believe that the Data Collected page provides real value to our customers in terms of visibility and forensics on the O365 events, so we are improving this module to make your life as simple as possible.
Two additional filters have been added, allowing you to filter Collected Data by IP address or IP Origin.
4.23 (12/05/2020)
NEW - MyProfile campaigns management
This new feature provides an interface where customers can manage their MyProfile campaigns and set up several parameters for the automatic sending of MyProfile emails. You can access this from the “Operation” section in your Expert platform.
We invite you to contact your Client Success Manager for the implementation of your first campaign.
NEW – PowerBI data flow
UPDATE – Default owner for SharePoint library automatic protection or permanent audit
In a context where SharePoint libraries are automatically protected by IDECSI, you can now define a default user to whom these libraries will be attached.
The SharePoint libraries can be consulted on the user’s Summary page and MyProfile.
Once attached to the user’s profile, it will be possible to reassign those libraries to other users directly from the Expert platform or MyProfile.
UPDATE – Edit end users general information on MyProfile
4.22 (14/04/2020)
UPDATE – Configuration Objects collected after alerts are closed
In I2A, some types of alerts are related to Configuration Objects (Inbox Rules, Applications Permissions, Sharing Set, …).
When you close an alert related to one of these objects, the object is automatically collected and updated, giving you its latest version instantly instead of waiting for the scheduled daily collection.
Since end-users can access their data through MyProfile and report an anomaly such as an old delegation, it’s important that their profile is constantly updated, especially if the change originates from their feedback.
UPDATE – ActiveSync events are excluded for the Geo-localization
Because mobile devices are nomadic by design and can switch networks and locations very quickly and unpredictably, we decided to exclude the logs related to them from the Geo-localization calculations.
By doing this, we improved our Geo-localization by focusing on reliable sources of information, increasing the precision of all the rules that rely on it, such as “Move too Fast” and “Simultaneous”.
UPDATE – MyProfile improvements
This update provides general graphic and wording improvements and more details about the protected resources such as the Owners list of a SharePoint library or more details on each Exchange permission.
Customers can now customize the colors of the MyProfile web page. Check this with your Client Success Manager for more information.
If you have suggestions and ideas about MyProfile and IDECSI in general, please submit them on our “Feature Request” page: https://extranet.idecsi.com/feature-requests/
NEW – User feedback for SharePoint Library ownership
It’s very important to have visibility on SharePoint libraries, but it’s very hard to track all the membership and ownership for each library.
End-users can now tell the team in charge who a SharePoint Library belongs to when they have been assigned as its owner, simply by clicking the “not belong to me” button and selecting another person from the list.
If the owner of the SharePoint Library does not appear in the list, they can still search for them in the “Search for another user” section, and it will be reported to the people involved.
If the SharePoint Library is not used anymore, they can report it by clicking the “Delete” button. (It won’t delete the SharePoint Library, of course; it just informs the people in charge.)
4.21 (10/03/2020)
UPDATE – Folder Visible accesses on Default are masked
When a user accidentally activates the “Folder Visible” option on the Default Permission of their mailbox, it might generate several false-positive alerts based on accesses, due to Microsoft activity on the resource.
These are not real accesses, as it’s not possible to access the mailbox only by activating the “Folder Visible” option without assigning a higher permission (author, owner, reader, …). IDECSI therefore now masks these accesses and does not generate the delegate on the user’s MyProfile page.
NEW – New header in Alert Answer for closed alerts
NEW – Search bar for Configuration Objects
Since IDECSI can now collect more configuration objects from different types of resources (Mailbox, OneDrive, Teams, SharePoint, …), we created a search bar in the Expert Platform for the names of the configuration objects, so customers can easily find a specific one without having to filter on the type/name of the resource.
NEW – Permission creation based on configuration objects
In the past, the IDECSI platform used to create Permissions for delegates accessing the protected resources by analyzing the accesses in the last three weeks. So if a legitimate delegate didn’t access during this period, no Permission would have been created.
The system has evolved, and Permissions are now created based on the accesses AND the configuration objects, specifically all the delegates found in the “Mailbox Folder Permission”.
This avoids the false positives that occurred when a legitimate delegate accessed a protected resource AFTER the creation of the Permissions, which triggered an alert.
NEW – End User notification for comments and alerts closing
It’s now possible to set up a notification rule for end-users, allowing them to receive a notification when a new comment is made on their alert, or when an alert has been closed by someone else (Security Team, assistant, …).
Deploying this allows you to create a direct link between end-users and security teams, as they can both receive notification when a new comment is made on an alert.
Please note that this is an optional feature and it won’t be activated by default.
4.20 (04/02/2020)
NEW - Customization of the header on all products
You can now customize the headers of all our products (MyProfile, Alert Answer, Expert platform, OnePage Report) with a logo and a name:
The header can be also customized on all the emails sent by IDECSI.
To deploy these customizations, please contact your Client Success Manager.
UPDATE - Automatic import of delegates
IDECSI has deployed the automatic import of delegates (users who do not benefit from continuous protection, such as personal assistants and service accounts) in order to strengthen the protection around the protected users by preventing accesses made by compromised delegate accounts.
You can now set up rules in order to be alerted in the event of a delegate’s connection to a protected resource from unusual countries or an unusual protocol (IMAP/POP/…).
At the end of the learning phase, all the delegates who accessed a protected resource during the learning phase will be automatically imported by IDECSI, and a profile will be created for each.
All the delegates will be imported by default in the company OU (root).
If you prefer that your delegates are imported into a different OU, you can ask your Client Success Manager to change it.
NEW - Login attempts from unusual countries on MyProfile
IDECSI is now able to detect when a login to Office 365 fails. If it occurs from an unusual country, it will appear on MyProfile for the I2A administrators.
However, this information will not appear for the End-Users consulting their MyProfile.
Please note that a country from which we detected a failed login will never be registered as “Usual Country” on the IDECSI platform.
NEW - Alerts for Brute Force attempts
For Office 365 environments, a new alert rule that monitors brute force attacks has been deployed on the Global resources.
If someone fails to access their Office 365 account more than once in a defined period (6 hours by default), IDECSI will alert you instantly.
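The failed-login handling and the brute force rule described above, as an added example (not IDECSI's code): a per-account sliding window that alerts on the second failure within 6 hours, plus a usual-country profile that only successful logins can extend. The event tuple format, account names and function names are assumptions made for the example, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=6)  # default period quoted in the release note
MAX_FAILURES = 1             # "more than once": alert from the 2nd failure on

# Constructed sample events: (timestamp, account, country, result).
EVENTS = [
    ("2020-02-04T08:00:00", "alice@example.com", "FR", "success"),
    ("2020-02-04T08:30:00", "bob@example.com", "DE", "success"),
    ("2020-02-04T09:00:00", "alice@example.com", "BR", "failure"),
    ("2020-02-04T12:30:00", "alice@example.com", "BR", "failure"),
    ("2020-02-04T13:00:00", "bob@example.com", "DE", "failure"),
    ("2020-02-04T20:00:00", "bob@example.com", "DE", "failure"),  # 7 h later
]


def parse(events):
    """Turn raw tuples into (datetime, account, country, result), time-ordered."""
    rows = [(datetime.fromisoformat(ts), account, country, result)
            for ts, account, country, result in events]
    return sorted(rows, key=lambda row: row[0])


def detect_bruteforce(events, window=WINDOW, max_failures=MAX_FAILURES):
    """Return (account, time, failures_in_window) for each failure that
    brings an account above max_failures inside the sliding window."""
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    alerts = []
    for ts, account, _country, result in parse(events):
        if result != "failure":
            continue
        failures = recent[account]
        failures.append(ts)
        # Drop failures that fell out of the window ending at this event.
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) > max_failures:
            alerts.append((account, ts.isoformat(), len(failures)))
    return alerts


def learn_usual_countries(events):
    """Build the usual-country set per account from successful logins only.
    Assumption: this is how 'a failed login never registers a usual
    country' is modelled here; failures are simply never counted."""
    usual = defaultdict(set)
    for _ts, account, country, result in parse(events):
        if result == "success":
            usual[account].add(country)
    return dict(usual)


def failed_logins_from_unusual_countries(events, usual):
    """Return (account, country, time) for failures outside the profile."""
    hits = []
    for ts, account, country, result in parse(events):
        if result == "failure" and country not in usual.get(account, set()):
            hits.append((account, country, ts.isoformat()))
    return hits


if __name__ == "__main__":
    profile = learn_usual_countries(EVENTS)
    print("brute force alerts:", detect_bruteforce(EVENTS))
    print("failed logins from unusual countries:",
          failed_logins_from_unusual_countries(EVENTS, profile))
```

With the default window, bob's two failures 7 hours apart do not alert; widening the window is what brings them into scope.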
NEW - Profile creation after end-user's MyProfile validation
At the end of the learning phase, the end-user will receive the link to the MyProfile page.
Once they have confirmed that all the information is correct, the IDECSI platform will automatically update the profile based on all the information validated by the user. In case of an anomaly reported by the user, no update will be made for the related information.
The system will automatically create permissions for legitimate delegates and register legitimate mobile devices and usual countries.
UPDATE - No alerts sent when a MFP right is downgraded
When a previously assigned Mailbox Folder Permission right is downgraded, IDECSI no longer sends an alert for this type of configuration change.
Ex. VIP 1 previously assigned Owner rights on his calendar for Delegate 1. VIP 1 decides to switch the right level from Owner to Author.
This would usually trigger an alert because of the configuration change, but as the Author right is inferior to the Owner right, it won’t happen.
In terms of security, downgrading a right is rarely dangerous for a protected user.
NEW - Events can be flagged as 'Technical'
4.18.1 (15/11/2019)
NEW - User profile: management of the usual countries
NEW - Collected data: filters
NEW - Displaying the instance of the resource and icons
NEW - OnePage Report Customization
4.17 (16/09/2019)
NEW - Merge of alerts
Until now, when a new sharing was done on a resource (OneDrive, SharePoint, Teams, etc.) or a new delegation was configured on a mailbox, the I2A platform issued two separate alerts:
- An alert for a change of rights or new sharing
- An access alert, the first time the beneficiary of the sharing or delegation accessed the resource.
I2A is now able to merge the two operations in order to avoid issuing the access alert.
NEW - Optimized Application Management in O365
The security team can now configure the creation of an alert as soon as a new application accesses a protected resource (for example, LinkedIn accessing your contacts).
The “an application” option has been added to the choices of the “Connected user” predicate. If this option is configured, an alert will be generated in case of access to the resources by any third-party application.
UPDATE - Automatic deactivation of the protection of a protected resource
If a mailbox is disabled in Exchange, protection within I2A for the same resource will be disabled automatically, so it’s no longer necessary to wait for the information and manually disable the protection in I2A.
UPDATE - Added country predicate in “Unusual access” alert notifications
OTHER - Performance improvements, minor improvements and bug fixes
Improved automatic telephone number retrieval in I2A.
Fixed bug concerning the “Role groups” field when exporting to the “Users” section of I2A.
4.15 (01/07/2019)
NEW - Configuration alert management
In Azure AD, alerts following the addition of applications or the addition of permissions for applications
For Azure AD groups, alerts in the event of addition or modification of permissions for a linked protected resource (eg. adding an owner in Teams)
Alerts following changes in SharePoint and OneDrive sharing policies (eg. allowing anonymous sharing on the tenant)
Alerts following E-Discovery actions via Content-Search
Separation of SharePoint / OneDrive sharing alerts into internal / external subtypes
Taking into account the expiration date of anonymous sharing in SharePoint / OneDrive (if the user closes an alert regarding a time-limited anonymous sharing, a new anonymous sharing after the time limit will be alerted)
Updated text in alerts for protected users
OTHER - Performance improvements, minor improvements and bug fixes
Richer modification and stopping options for learning, protection, Permanent Audit or Audit.
Addition of Azure AD groups and their members to OnePage and Excel audit reports for SharePoint
For SharePoint lists associated with an Azure AD group (via Teams), we will attempt to link the resource to one of the owners of the group
Improvement of the “repeated actions” predicate (eg LoginFailed on Azure AD resource)
Added expiration date for usual countries (as an option).
4.54 (24/01/2023)
NEW - Information banner In MyDataSecurity
- A color: green, orange, red
- An icon from the list of icons available in MyDataSecurity
- A title and a message (in markdown: with formatting, adding link and image possible)
Note 1: banner mechanism will also be used in the future to display personalized messages for users (either manually by the administrators or automatically).
Note 2: As for other customizations, the banner can be scoped on Users, Instances, or Organization Units.
NEW - Display of all sensitivity labels in MyDataSecurity
- Labels considered as “sensitive” will always be displayed in red
- Other labels will be displayed in grey
NEW - Difference between owner and business owner
- (coming soon) Owner of the shared or private channel if applicable
- Microsoft 365 Group Owner if applicable
- SharePoint site owner
- Member of a group with Full Control rights on the SharePoint site
- User with Full Control rights on the SharePoint site
- Site Collection Administrator
NEW - Alert notifications system available as a Teams chat !
UPDATE - Automatic operations : Target collaborative resources
- Users belonging to an automatic operation policy with a high priority level will be evaluated first
- Among these users, potential Business Owners will be prioritized according to their rights level:
- (coming soon) Owner of the shared or private channel if applicable
- Microsoft 365 Group Owner if applicable
- SharePoint site owner
- Member of a group with Full Control rights on the SharePoint site
- User with Full Control rights on the SharePoint site
- Site Collection Administrator
- Among these users, the first user given by the protected collaboration platform will be selected to be Business Owner
4.53 (13/12/2022)
UPDATE - MyDataSecurity UX improvements
- Display of a red dot at the level of the files concerned by a point of attention
- When a user reports an access made from a new country, the country is hidden and the Operation done label no longer appears. The country report is still present in the Operations History.
- Add the date of last access for a country
- The “Operation done” labels no longer appear for countries reported to the security teams
- Merge of the View and Remove tabs in the different modal windows
- Modal windows are now centered at the page level
- When a security group is not yet collected, we now say so instead of stating that it is empty.
NEW - Footer at the bottom of MyDataSecurity
- Image or color for the background
- Between 1 and 5 links
- Each link must meet the following criteria: a title of fewer than 50 characters, and a URL
- An icon can be set for each link from a predefined list. It is possible to add a new icon from the Font Awesome set, but not a customized image. Note that the supported version of Font Awesome is v5.
UPDATE - Change of the behavior of “Validate security profile”
- Title: Hide my points of attention
- Configuration modal: You are about to hide your points of attention. This means that all of the risky items listed below are legitimate (including permissions on your mailbox, sharing links, sharing of sensitive data, and different countries of connection).
- Confirmation button: Confirm
- Confirmation modal: All the points of attention are considered legitimate
UPDATE - Enable to scope a campaign to groups
- Avoid the multiplication of OUs with a very fine mesh to meet the needs of administration, customization of uses, and security policies.
- Grouping of people independently of their belonging to an entity or an IT local (e.g.: France country, all members of the Finance departments).
NEW - I2A: Automatic operation's provisioning report
- Actual Organization Unit Id
- Actual Organization Unit Full Name
- Expected Organization Unit Id
- Expected Organization Unit Full name
- User I2A Id
- User I2A Full name
- UPN
- Display Name
- Provider Instance Id
- Provider Instance Name
- Provider Type
- Resource Name
- Result
- Current Status
- Expected Status
4.52 (15/11/2022)
UPDATE - MyDataSecurity UX improvements
- The number of attention points displayed for each resource is hidden, in preference to a red dot positioned on the resource icon
- The translations have been improved
- The button “Browse all” on the home page was removed, and the browsing per category was improved.
- The operations history was improved.
- A global operations history is now available on the home page.
- The label “Operation done” is progressively removed for the users for which a permission was removed on a specific document
- All resources are now collapsed by default (except if there is only one resource)
NEW - New collector for SharePoint On-premises (permissions scope)
- Expert
- MyDataSecurity
- Permission Explorer
UPDATE - Filter operations
- Environment: Provider Instance (ex: Office 365 – Intranet, Office 365 – Mailbox)
- Operation type: Automatic or Manual
- Identity: Identity used in the operation (ex: user principal name for automatic operations)
- Creation date min
- Creation date max
- Status: Pending, In progress, Partial, Complete, Cancelled, Failed
UPDATE - Collect custom information from Azure AD
It is now possible to collect Directory Attributes, in addition to Extension attributes (1-15) from Azure AD for each user (except Open Extension, Schema Extension, Custom Security Attributes).
Please note: custom attributes can currently be configured only via a support request. An evolution is planned for the first half of 2023 to provide an interface for defining the custom attributes to collect.
For example, the Manager id is now collected from Azure AD users. Also, the “EmployeeType” and “OfficeLocation” fields are collected for all Azure AD tenants and will now be displayed in Permission Explorer.
UPDATE - Enforce the sending of a campaign
UPDATE - Prioritization of the campaigns
UPDATE - Machine status in export
4.40 (13/10/2021)
UPDATE - Auto retry for operations
Protection and Audit jobs run from the “Operations” menu are now automatically retried 3 times, every 20 minutes, to work around Microsoft API behavior in case of failure, before the “failed” status is shown to I2A Administrators.
NEW - My Profile Warnings
Any risky configurations or overexposed data are now highlighted within a new section “Warnings” at the beginning of My Profile and in the menu with badges.
Expanding the Warnings section will show related details
This feature is configurable, so please contact your Client Success Manager if you want to add it.
NEW - My Profile link
We added a new button into the MyProfile page. It can be used to provide a link to your knowledge base, online help or user guide.
It allows customisation of
– its icon
– its URL target
Please feel free to contact your Client Success team in order to customise this change.
NEW - Azure Information Protection integration
IDECSI’s platform now collects metadata from Microsoft Information Protection in order to display sensitivity “labels” per file. It offers several use cases:
- Sensitivity information is given to the end user in the context of their usage, which helps to pinpoint potentially sensitive and overexposed data faster.
- Identify shared sensitive files and their permissions across the whole monitored environment
- Alert on actions involving sensitive data (new share, new permission, new access, …)
- Audit and alert on any change made by an admin regarding sensitivity labels through the Microsoft Office 365 Compliance dashboard
Technical view of the configuration object storing the label configuration. The object is permanently audited; any change or attempted compromise could raise an alert.
- Audit any user labelling activities on files
Please feel free to contact your Client Success Team or your Sales Engineer.
UPDATE - Remediation
We are now able to block an Azure Active Directory user account as an incident response to an alert (i.e. impossible travel, simultaneous access).
UPDATE - MyProfile SharePoint Sites
UPDATE - MyProfile - highlight potential risks
Company, Anonymous and Guest links created with OneDrive, Teams or SharePoint, as well as Exchange’s default permission object, are now highlighted in red.
This feature is customisable to your internal policy (for instance, if you consider such a case to be part of your organisation’s best practices).
Below is a sample of the OneDrive and Mailbox views:
Please feel free to reach out to your Client Success team.
4.27 (11/08/2020)
NEW - Resources' last actions detection
In order to provide security teams additional visibility on the protected resources and their activity, we developed a new section on the Expert platform on which you can monitor the dates of the last activities on the resources.
This feature is particularly interesting if you want to know if there are unused resources among those which are collected by IDECSI.
To access the new section, click on the “Monitoring” link on the left as shown in the image, then apply the filters for a more precise search.
Once the search is done, you can also export the results to .csv format by clicking on the export button.
NEW – Rule condition for Administrator operations
There are several scenarios for which O365 administrators have to interact with user’s resources, and for security teams it’s sometimes difficult to obtain information about admin’s actions when needed; so we have improved our capability to detect O365 Administrators operations in order to help you.
You can now decide to be alerted about some operations made by admins, or to flag them as safe, thanks to a new option added to the “Username” condition when creating a policy.
Please feel free to reach out to your Client Success Manager if you need help to deploy rules or to update the existing ones.
4.25 (15/07/2020)
NEW - German language available
UPDATE – Additional resources protection
UPDATE – Minor improvements & bug fix
Thanks to valuable feedback from our customers, a few bugs have been fixed and some visual or performance improvements have been made.
If you want to make suggestions about our product, you can use our Feature Requests page here: https://extranet.idecsi.com/feature-requests/
4.24 (09/06/2020)
NEW - Alerts autoclose feature (optional)
In order to improve our customer experience for end users deployments, we now provide to our customers the possibility to close opened alerts after a certain time automatically. So the user is no longer required to answer systematically, as the alerts with no answer will be automatically closed, and users can focus on alerts which require their attention.
This feature is fully configurable, you can either decide to close an alert after one or more reminders are sent for the same alert, or after a defined time-frame.
This option is available on users access and users configuration alerts, not on global configuration alerts and alerts raised from user’s feedback (Invalid state report).
The alerts automatically closed will be considered as valid on the IDECSI platform and the event which have triggered the alert as legitimate.
As the feature is inactive by default, we invite you to contact your Client Success Manager for implementation.
NEW – Tailored learning phase system
Learning phase is one of the key features of the IDECSI platform, as it provides a unique profile for each protected user, based on its accesses and configuration.
So we decided to make this procedure more flexible, allowing you to restart a learning phase for users in an easier and configurable way.
On the user’s Summary page, simply click on the icon as in the image below:
Then select the start date and for how many days you want the data to be considered for the profile creation.
Our engine will analyze the datasets provided for the time-frame, and create the profile accordingly, removing all the obsolete rules, devices and permission for the user, and creating new ones.
If a notification rule has been set up for users to receive a MyProfile email at the end of the learning phase, a notification will be sent at the end of each learning phase. Please contact your Customer Success Manager if you need assistance.
UPDATE – New IP addresses filters in the Collected Data
We really believe that the Data Collected page provides real value to our customers in terms of visibility and forensics on the O365 events, so we are improving this module to make your life as simple as possible.
Two additional filters have been added, allowing you to filter Collected Data by IP address or IP Origin.
4.23 (12/05/2020)
NEW - MyProfile campaigns management
This new feature provide an interface where customers can manage their MyProfile campaigns and set up several parameters for automatic send of MyProfile emails. You can access this from the “Operation” section in your Expert platform.
We invite you to contact your Client Success Manager for the implementation of your first campaign.
NEW – PowerBI data flow
UPDATE – Default owner for SharePoint library automatic protection or permanent audit
In a context where SharePoint libraries are automatically protected by IDECSI, you can now define a user by default to which these libraries will be attached to.
The SharePoint libraries can be consulted on the user’s Summary page and MyProfile.
Once attached to the user’s profile, it will be possible to reassign those libraries to other users directly from the Expert platform or MyProfile.
UPDATE – Edit end users general information on MyProfile
4.22 (14/04/2020)
UPDATE – Configuration Objects collected after alerts are closed
In I2A some types of alerts are related to Configuration Objects. (Inbox Rules, Applications Permissions, Sharing Set, …)
When you close an alert related to one of these objects, they will be automatically collected and updated, providing you the latest version of it instantly, instead of waiting the scheduled daily collection.
Since end-users can access their data through MyProfile, and report an anomaly such as an old delegation, it’s important that their profile is constantly updated, especially if the change is originated by their feedback.
UPDATE – ActiveSync events are excluded for the Geo-localization
Due to the fact that mobile devices are nomads by design and can switch network and localization very quickly and unpredictably, we decided to exclude the logs related to these from the calculations for the Geo-localization.
By doing this, we improved our Geo-localization by focusing on reliable sources of information, increasing the precision of all the rules related to this such as the “Move too Fast” and “Simultaneous“.
UPDATE – MyProfile improvements
This update provides general graphic and wording improvements and more details about the protected resources such as the Owners list of a SharePoint library or more details on each Exchange permission.
Customers can now customize colors of MyProfile web page. Check this with your Client Success Manager for more information.
If you have suggestions and ideas about MyProfile and IDECSI in general, please submit it to our “Feature Request” page: https://extranet.idecsi.com/feature-requests/
NEW – User feedback for SharePoint Library ownership
It’s very important to have visibility on SharePoint libraries, but it’s very hard to track all the membership and ownership for each library.
End-users can now inform the team in charge to whom belongs the SharePoint Library for which they’ve been assigned as owners, simply by clicking the button “not belong to me” and selecting another person from the list.
If the owner of the SharePoint Library do not appear in the list, they can still search it in the “Search for another user” section and it will be reported to the people involved.
In case the SharePoint Library is not used anymore, they can report it by clicking the “Delete” button. (It won’t delete the SharePoint Library of course, but just inform the people in charge)
4.21 (10/03/2020)
UPDATE – Folder Visible accesses on Default are masked
When a user accidentally activates the “Folder Visible” option on his mailbox on its Default Permission, it might generate several false positives alerts based on accesses, due to Microsoft activity on the resource.
These are not real accesses, as it’s not possible to access the mailbox only by activating the “Folder Visible” option without assigning a higher permission (author, owner, reader, …); that’s why now IDECSI mask these accesses and will not generate the delegate on the MyProfile page of the user.
NEW – New header in Alert Answer for closed alerts
NEW – Search bar for Configuration Objects
Since IDECSI can now collect more configuration objects from different types of resources (Mailbox, OneDrive, Teams, Sharepoint, …) we created a search bar in the Expert Platform for the names of the configuration objects so customers can easily find a specific one without having to filter on the type/name of the resource.
NEW – Permission creation based on configuration objects
In the past, the IDECSI platform used to create Permissions for delegates accessing the protected resources by analyzing the accesses in the last three weeks. So if a legitimate delegate didn’t access during this period, no Permission would have been created.
The system has evolved and now their Permissions are created based on the accesses AND the configuration objects, specifically all the delegates found in the “Mailbox Folder Permission”.
This will avoid false positives based on the fact that if a legitimate delegate access a protected resource AFTER the creation of the Permissions, this will trigger an alert.
NEW – End User notification for comments and alerts closing
It’s now possible to set up a notification rule pour end-users, allowing them to receive a notification when a new comment on their alert is made, or when an alert has been closed by someone else. (Security Team, assistant, …)
Deploying this allows you to create a direct link between end-users and security teams, as they can both receive notification when a new comment is made on an alert.
Please note that this is an optional feature and it won’t be activated by default.
4.20 (04/02/2020)
NEW - Customization of the header on all products
You can now customize the headers of all our products (MyProfile, Alert Answer, Expert platform, OnePage Report) with a logo and a name:
The header can be also customized on all the emails sent by IDECSI.
To deploy these customizations thank you to contact your Client Success Manager.
UPDATE - Automatic import of delegates
Idecsi has deployed the automatic import of delegates (users which do not benefit from continuous protection such as personal assistants and service accounts) in order to strenghten the protection around the protected users by preventing accesses made by compromised delegates accounts.
Now you can set up rules in order to be alerted in the event of a delegate’s connection to a protected resource from unusual countries or unusual protocol. (IMAP/POP/…)
At the end of the learning phase, all the delegates which had accessed to a protected resource during the learning phase will be automatically imported by IDECSI and a profile created for each.
All the delegates will be imported by default in the company OU (root).
In case you prefer that your delegates are imported into a different OU, you can ask your Client Succes Manager to change it.
NEW - Login attempts from unusual countries on MyProfile
IDECSI is now able to detect when a login to Office 365 fails. If it occurs from an unusual country, it will appear on MyProfile for the I2A administrators.
However, this information will not appear for the End-Users consulting their MyProfile.
Please note that a country from which we detected a failed login will never be registered as “Usual Country” on the IDECSI platform.
NEW - Alerts for Brute Force attempts
For Office 365 environments, a new alert rule has been deployed on the Global resources which monitor the brute force attacks.
If someone fails accessing its Office 365 account more than one time in a determined period (6 hours by default), IDECSI will alert you instantly.
NEW - Profile creation after end-user's MyProfile validation
At the end of the learning phase, the end-user will receive the link to the MyProfile page.
Once they have confirmed that all the information is correct, the IDECSI platform will automatically update the profile based on all the information validated by the user. If the user reports an anomaly, no update will be made for the related information.
The system will automatically create permissions for legitimate delegates and register legitimate mobile devices and usual countries.
UPDATE - No alerts sent when a MFP right is downgraded
When a previously assigned Mailbox Folder Permission right is downgraded, IDECSI no longer sends an alert for this type of configuration change.
Example: VIP 1 previously assigned Owner rights on his calendar to Delegate 1. VIP 1 decides to switch the right level from Owner to Author.
This would usually trigger an alert because of the configuration change, but as the Author right is inferior to the Owner right, no alert is sent.
In terms of security, downgrading a right is rarely dangerous for a protected user.
NEW - Events can be flagged as 'Technical'
4.18.1 (15/11/2019)
NEW - User profile: management of the usual countries
NEW - Collected data: filters
NEW - Displaying the instance of the resource and icons
NEW - OnePage Report Customization
4.17 (16/09/2019)
NEW - Merge of alerts
Until now, when a new sharing was created on a resource (OneDrive, SharePoint, Teams, etc.) or a new delegation was configured on a mailbox, the I2A platform issued two separate alerts:
- An alert for a change of rights or new sharing
- An access alert, the first time the beneficiary of the sharing or delegation accessed the resource.
I2A is now able to merge the two operations in order to avoid issuing the access alert.
NEW - Optimized Application Management in O365
The security team can now configure an alert to be created as soon as a new application accesses a protected resource (for example, LinkedIn accessing your contacts).
The “Connected user” predicate now includes an “an application” option. If this option is configured, an alert will be generated when any third-party application accesses the resources.
UPDATE - Automatic deactivation of the protection of a protected resource
If a mailbox is disabled in Exchange, protection within I2A for the same resource will be disabled automatically, so it’s no longer necessary to wait for the information and manually disable the protection in I2A.
UPDATE - Added country predicate in “Unusual access” alert notifications
OTHER - Performance improvements, minor improvements and bug fixes
Improved automatic telephone number retrieval in I2A.
Fixed bug concerning the “Role groups” field when exporting to the “Users” section of I2A.
4.15 (01/07/2019)
NEW - Configuration alert management
In Azure AD, alerts following the addition of applications or the addition of permissions for applications
For Azure AD groups, alerts in the event of addition or modification of permissions for a linked protected resource (e.g. adding an owner in Teams)
Alerts following changes in SharePoint and OneDrive sharing policies (e.g. allowing anonymous sharing on the tenant)
Alerts following E-Discovery actions via Content-Search
Separation of SharePoint / OneDrive sharing alerts into internal / external subtypes
Taking into account the expiration date of anonymous sharing in SharePoint / OneDrive (if the user closes an alert regarding a time-limited anonymous sharing, a new anonymous sharing after the time limit will be alerted)
Updated text in alerts for protected users
OTHER - Performance improvements, minor improvements and bug fixes
Richer modification and stopping options for learning, protection, Permanent Audit or Audit.
Addition of Azure AD groups and their members to OnePage and Excel audit reports for SharePoint
For SharePoint lists associated with an Azure AD group (via Teams), we will attempt to link the resource to one of the owners of the group
Improvement of the “repeated actions” predicate (e.g. LoginFailed on an Azure AD resource)
Added expiration date for usual countries (as an option).
4.54 (24/01/2023)
NEW - Information banner in MyDataSecurity
- A color: green, orange, red
- An icon from the list of icons available in MyDataSecurity
- A title and a message (in markdown: with formatting, adding link and image possible)
Note 1: banner mechanism will also be used in the future to display personalized messages for users (either manually by the administrators or automatically).
Note 2: As for other customizations, the banner can be scoped on Users, Instances, or Organization Units.
NEW - Display of all sensitivity labels in MyDataSecurity
- Labels considered as “sensitive” will always be displayed in red
- Other labels will be displayed in grey
NEW - Difference between owner and business owner
- (coming soon) Owner of the shared or private channel if applicable
- Microsoft 365 Group Owner if applicable
- SharePoint site owner
- Member of a group with Full Control rights on the SharePoint site
- User with Full Control rights on the SharePoint site
- Site Collection Administrator
NEW - Alert notifications system available as a Teams chat!
UPDATE - Automatic operations : Target collaborative resources
- Users belonging to an automatic operation policy with a high priority level will be evaluated first
- Among these users, potential Business Owners will be prioritized according to their rights level:
- (coming soon) Owner of the shared or private channel if applicable
- Microsoft 365 Group Owner if applicable
- SharePoint site owner
- Member of a group with Full Control rights on the SharePoint site
- User with Full Control rights on the SharePoint site
- Site Collection Administrator
- Among these users, the first user given by the protected collaboration platform will be selected to be Business Owner
4.53 (13/12/2022)
UPDATE - MyDataSecurity UX improvements
- Display of a red dot at the level of the files concerned by a point of attention
- When a user reports an access made from a new country, the country is hidden and the Operation done label no longer appears. The country report is still present in the Operations History.
- Add the date of last access for a country
- The “Operation done” labels no longer appear for countries reported to the security teams
- Merge of the View and Remove tabs in the different modal windows
- Modal windows are now centered at the page level
- When a security group has not yet been collected, this is now stated explicitly instead of showing the group as empty.
NEW - Footer at the bottom of MyDataSecurity
- Image or color for the background
- Between 1 and 5 links
- Each link must meet the following criteria: title with fewer than 50 characters, URL
- An icon can be set for each link from a predefined list. It is possible to add a new icon from the Font Awesome library, but not a customized image. Note that the supported version of Font Awesome is v5.
UPDATE - Change of the behavior of “Validate security profile”
- Title: Hide my points of attention
- Configuration modal: You are about to hide your points of attention. This means that all of the risky items listed below are legitimate (including permissions on your mailbox, sharing links, sharing of sensitive data, and different countries of connection).
- Confirmation button: Confirm
- Confirmation modal: All the points of attention are considered legitimate
UPDATE - Ability to scope a campaign to groups
- Avoid the multiplication of OUs with a very fine mesh to meet the needs of administration, customization of uses, and security policies.
- Grouping of people independently of their belonging to an entity or an IT local (e.g.: France country, all members of the Finance departments).
NEW - I2A: Automatic operation's provisioning report
- Actual Organization Unit Id
- Actual Organization Unit Full Name
- Expected Organization Unit Id
- Expected Organization Unit Full name
- User I2A Id
- User I2A Full name
- UPN
- Display Name
- Provider Instance Id
- Provider Instance Name
- Provider Type
- Resource Name
- Result
- Current Status
- Expected Status
4.52 (15/11/2022)
UPDATE - MyDataSecurity UX improvements
- The number of attention points displayed for each resource is hidden, in preference to a red dot positioned on the resource icon
- The translations have been improved
- The button “Browse all” on the home page was removed, and the browsing per category was improved.
- The operations history was improved.
- A global operations history is now available on the home page.
- The label “Operation done” is progressively removed for the users for which a permission was removed on a specific document
- All resources are now collapsed by default (except if there is only one resource)
NEW - New collector for SharePoint On-premises (permissions scope)
- Expert
- MyDataSecurity
- Permission Explorer
UPDATE - Filter operations
- Environment: Provider Instance (ex: Office 365 – Intranet, Office 365 – Mailbox)
- Operation type: Automatic or Manual
- Identity: Identity used in the operation (ex: user principal name for automatic operations)
- Creation date min
- Creation date max
- Status: Pending, In progress, Partial, Complete, Cancelled, Failed
UPDATE - Collect custom information from Azure AD
It is now possible to collect Directory Attributes, in addition to Extension attributes (1-15) from Azure AD for each user (except Open Extension, Schema Extension, Custom Security Attributes).
Please note: today, custom attributes can be configured only via a support request. An evolution will be planned during the first half of 2023 to offer an interface for defining the custom attributes to collect.
For example, the Manager id is now collected from Azure AD users. Also, the “EmployeeType” and “OfficeLocation” fields are collected for all Azure AD tenants and will now be displayed in Permission Explorer.
UPDATE - Enforce the sending of a campaign
UPDATE - Prioritization of the campaigns
UPDATE - Machine status in export
4.40 (13/10/2021)
UPDATE - Auto retry for operations
Protection and Audit jobs run from the “Operations” menu are now automatically retried 3 times every 20 minutes, to work around Microsoft API behavior in case of failure, before the “failed” status is reported to I2A Administrators.
NEW - My Profile Warnings
Any risky configurations or overexposed data are now highlighted within a new section “Warnings” at the beginning of My Profile and in the menu with badges.
Expanding the Warnings section will show related details.
This feature is configurable, so please contact your Client Success Manager if you want to add it.
NEW - My Profile link
We added a new button into the MyProfile page. It can be used to provide a link to your knowledge base, online help or user guide.
It allows customisation of:
- its icon
- its URL target
Please feel free to contact your Client Success team in order to customise this change.
NEW - Azure Information Protection integration
IDECSI’s platform now collects metadata from Microsoft Information Protection in order to display sensitivity “labels” per file. It offers several use cases:
- Sensitivity information is given to the end user in the context of its usage, which helps to pinpoint potentially sensitive and overexposed data faster.
- Identify shared sensitive files and their permissions across the whole monitored environment
- Alert on actions involving sensitive data (new share, new permission, new access, …)
- Audit and alert on any change made by an admin regarding sensitivity labels through the Microsoft Office 365 Compliance dashboard
Technical view of the configuration object storing the label configuration. The object is permanently audited; any change or attempted compromise could raise an alert.
- Audit any user labelling activities onto files
Please feel free to contact your Client Success Team or your Sales Engineer.
UPDATE - Remediation
We are now able to block an Azure Active Directory user account as an incident response to an alert (i.e. impossible travel, simultaneous access).
UPDATE - MyProfile SharePoint Sites
UPDATE - MyProfile - highlight potential risks
Company, Anonymous and Guest links created with OneDrive, Teams or SharePoint, as well as Exchange’s default permission object, are now highlighted in red.
This feature is customisable to your internal policy (for instance, if you consider such a case to be part of your organisation’s best practices).
Below is a sample of the OneDrive and Mailbox views:
Please feel free to reach your Client Success team.
4.27 (11/08/2020)
NEW - Resources' last actions detection
In order to provide security teams additional visibility on the protected resources and their activity, we developed a new section on the Expert platform on which you can monitor the dates of the last activities on the resources.
This feature is particularly interesting if you want to know if there are unused resources among those which are collected by IDECSI.
To access the new section, click on the “Monitoring” link on the left as shown in the image, then apply the filters for a more precise search.
Once the search is done, you can also export it to .csv format by clicking on the export button.
NEW – Rule condition for Administrator operations
There are several scenarios in which O365 administrators have to interact with users’ resources, and it is sometimes difficult for security teams to obtain information about admins’ actions when needed, so we have improved our capability to detect O365 administrator operations.
You can now decide to be alerted on, or to flag as safe, some operations made by admins, thanks to a new option added to the “Username” condition when creating a policy.
Please feel free to reach out to your Client Success Manager if you need help to deploy rules or to update the existing ones.
4.25 (15/07/2020)
NEW - German language available
UPDATE – Additional resources protection
UPDATE – Minor improvements & bug fix
Thanks to valuable feedback from our customers, a few bugs have been fixed and some visual or performance improvements have been made.
If you want to make suggestions about our product, you can use our Feature Requests page here: https://extranet.idecsi.com/feature-requests/
4.24 (09/06/2020)
NEW - Alerts autoclose feature (optional)
To improve the experience of end-user deployments, customers can now have open alerts closed automatically after a certain time. Users are no longer required to answer systematically: alerts with no answer are closed automatically, and users can focus on the alerts that require their attention.
This feature is fully configurable: you can decide to close an alert either after one or more reminders have been sent for the same alert, or after a defined time-frame.
This option is available on user access and user configuration alerts, not on global configuration alerts or alerts raised from users’ feedback (Invalid state report).
Automatically closed alerts will be considered valid on the IDECSI platform, and the event that triggered the alert will be considered legitimate.
As the feature is inactive by default, we invite you to contact your Client Success Manager for implementation.
NEW – Tailored learning phase system
The learning phase is one of the key features of the IDECSI platform, as it provides a unique profile for each protected user, based on their accesses and configuration.
So we decided to make this procedure more flexible, allowing you to restart a learning phase for users in an easier and configurable way.
On the user’s Summary page, simply click on the icon as in the image below:
Then select the start date and for how many days you want the data to be considered for the profile creation.
Our engine will analyze the datasets provided for the time-frame and create the profile accordingly, removing all the obsolete rules, devices and permissions for the user and creating new ones.
If a notification rule has been set up for users to receive a MyProfile email at the end of the learning phase, a notification will be sent at the end of each learning phase. Please contact your Customer Success Manager if you need assistance.
UPDATE – New IP addresses filters in the Collected Data
We really believe that the Data Collected page provides real value to our customers in terms of visibility and forensics on the O365 events, so we are improving this module to make your life as simple as possible.
Two additional filters have been added, allowing you to filter Collected Data by IP address or IP Origin.
4.23 (12/05/2020)
NEW - MyProfile campaigns management
This new feature provides an interface where customers can manage their MyProfile campaigns and set up several parameters for the automatic sending of MyProfile emails. You can access it from the “Operation” section in your Expert platform.
We invite you to contact your Client Success Manager for the implementation of your first campaign.
NEW – PowerBI data flow
UPDATE – Default owner for SharePoint library automatic protection or permanent audit
In a context where SharePoint libraries are automatically protected by IDECSI, you can now define a default user to whom these libraries will be attached.
The SharePoint libraries can be consulted on the user’s Summary page and MyProfile.
Once attached to the user’s profile, it will be possible to reassign those libraries to other users directly from the Expert platform or MyProfile.
UPDATE – Edit end users general information on MyProfile
4.22 (14/04/2020)
UPDATE – Configuration Objects collected after alerts are closed
In I2A, some types of alerts are related to Configuration Objects (Inbox Rules, Applications Permissions, Sharing Set, …).
When you close an alert related to one of these objects, the object will be automatically collected and updated, giving you its latest version instantly instead of waiting for the scheduled daily collection.
Since end-users can access their data through MyProfile and report an anomaly such as an old delegation, it’s important that their profile is constantly updated, especially if the change originates from their feedback.
UPDATE – ActiveSync events are excluded for the Geo-localization
Because mobile devices are nomadic by design and can switch network and location very quickly and unpredictably, we decided to exclude the logs related to them from the Geo-localization calculations.
This improves our Geo-localization by focusing on reliable sources of information and increases the precision of all the related rules, such as “Move too Fast” and “Simultaneous”.
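The effect of excluding ActiveSync events from a “Move too Fast” style check can be seen in the following added Python illustration, which is not IDECSI's implementation. The 900 km/h threshold, the event fields and the sample events (a phone whose traffic is geolocated to another city) are assumptions constructed for the example.

```python
import math
from datetime import datetime

MAX_SPEED_KMH = 900.0              # assumed threshold, about airliner cruise speed
EXCLUDED_PROTOCOLS = frozenset({"ActiveSync"})

PARIS = (48.8566, 2.3522)
FRANKFURT = (50.1109, 8.6821)
SINGAPORE = (1.3521, 103.8198)

# Constructed sample events (not real logs): (timestamp, user, protocol, lat, lon)
EVENTS = [
    ("2020-04-14T08:00:00", "alice@example.com", "OWA", *PARIS),
    # Phone sync geolocated to another city 20 minutes later (mobile network egress).
    ("2020-04-14T08:20:00", "alice@example.com", "ActiveSync", *FRANKFURT),
    ("2020-04-14T08:40:00", "alice@example.com", "OWA", *PARIS),
    ("2020-04-14T10:00:00", "bob@example.com", "OWA", *PARIS),
    ("2020-04-14T11:00:00", "bob@example.com", "IMAP", *SINGAPORE),
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    radius = 6371.0
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlmb / 2) ** 2
    return 2 * radius * math.asin(math.sqrt(a))


def move_too_fast(events, excluded=EXCLUDED_PROTOCOLS, max_speed=MAX_SPEED_KMH):
    """Return (user, previous_ts, ts, distance_km) for implausibly fast moves."""
    alerts = []
    last_seen = {}  # user -> (datetime, lat, lon, raw timestamp)
    for ts, user, protocol, lat, lon in sorted(events):
        if protocol in excluded:
            continue  # unreliable location source: ignored for geolocation
        when = datetime.fromisoformat(ts)
        if user in last_seen:
            prev_when, prev_lat, prev_lon, prev_ts = last_seen[user]
            dist = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            if dist > 0:
                # Zero elapsed time with a non-zero distance counts as infinitely fast.
                speed = dist / hours if hours > 0 else math.inf
                if speed > max_speed:
                    alerts.append((user, prev_ts, ts, round(dist)))
        last_seen[user] = (when, lat, lon, ts)
    return alerts


if __name__ == "__main__":
    print("all protocols:", move_too_fast(EVENTS, excluded=frozenset()))
    print("ActiveSync excluded:", move_too_fast(EVENTS))
```

With every protocol included, the phone sync produces two alerts for the first user; with ActiveSync excluded, only the Paris to Singapore move within one hour remains.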
UPDATE – MyProfile improvements
This update provides general graphic and wording improvements and more details about the protected resources such as the Owners list of a SharePoint library or more details on each Exchange permission.
Customers can now customize colors of MyProfile web page. Check this with your Client Success Manager for more information.
If you have suggestions and ideas about MyProfile and IDECSI in general, please submit them on our “Feature Request” page: https://extranet.idecsi.com/feature-requests/
NEW – User feedback for SharePoint Library ownership
It’s very important to have visibility on SharePoint libraries, but it’s very hard to track all the membership and ownership for each library.
End-users can now tell the team in charge who a SharePoint Library belongs to when they have been assigned as its owner, simply by clicking the “not belong to me” button and selecting another person from the list.
If the owner of the SharePoint Library does not appear in the list, they can still search for them in the “Search for another user” section, and it will be reported to the people involved.
If the SharePoint Library is no longer used, they can report it by clicking the “Delete” button. (This does not delete the SharePoint Library, of course; it just informs the people in charge.)
4.21 (10/03/2020)
UPDATE – Folder Visible accesses on Default are masked
When a user accidentally activates the “Folder Visible” option on the Default permission of their mailbox, it can generate several false-positive access alerts, due to Microsoft activity on the resource.
These are not real accesses, as it’s not possible to access the mailbox only by activating the “Folder Visible” option without assigning a higher permission (author, owner, reader, …); that is why IDECSI now masks these accesses and does not generate the delegate on the user’s MyProfile page.
NEW – New header in Alert Answer for closed alerts
NEW – Search bar for Configuration Objects
Since IDECSI can now collect more configuration objects from different types of resources (Mailbox, OneDrive, Teams, SharePoint, …), we created a search bar in the Expert Platform for the names of the configuration objects, so customers can easily find a specific one without having to filter on the type/name of the resource.
NEW – Permission creation based on configuration objects
In the past, the IDECSI platform created Permissions for delegates accessing the protected resources by analyzing the accesses in the last three weeks. So if a legitimate delegate did not access a resource during this period, no Permission was created.
The system has evolved, and Permissions are now created based on the accesses AND the configuration objects, specifically all the delegates found in the “Mailbox Folder Permission”.
This avoids the false positives that occurred when a legitimate delegate accessed a protected resource only AFTER the creation of the Permissions, which triggered an alert.
NEW – End User notification for comments and alerts closing
It’s now possible to set up a notification rule for end-users, allowing them to receive a notification when a new comment is made on their alert, or when an alert has been closed by someone else (Security Team, assistant, …).
Deploying this allows you to create a direct link between end-users and security teams, as both can receive a notification when a new comment is made on an alert.
Please note that this is an optional feature and it won’t be activated by default.
4.20 (04/02/2020)
NEW - Customization of the header on all products
You can now customize the headers of all our products (MyProfile, Alert Answer, Expert platform, OnePage Report) with a logo and a name:
The header can be also customized on all the emails sent by IDECSI.
To deploy these customizations thank you to contact your Client Success Manager.
UPDATE - Automatic import of delegates
Idecsi has deployed the automatic import of delegates (users which do not benefit from continuous protection such as personal assistants and service accounts) in order to strenghten the protection around the protected users by preventing accesses made by compromised delegates accounts.
Now you can set up rules in order to be alerted in the event of a delegate’s connection to a protected resource from unusual countries or unusual protocol. (IMAP/POP/…)
At the end of the learning phase, all the delegates which had accessed to a protected resource during the learning phase will be automatically imported by IDECSI and a profile created for each.
All the delegates will be imported by default in the company OU (root).
In case you prefer that your delegates are imported into a different OU, you can ask your Client Succes Manager to change it.
NEW - Login attempts from unusual countries on MyProfile
IDECSI is now able to detect when a login to Office 365 fails. If it occurs from an unusual country, it will appear on MyProfile for the I2A administrators.
However, this information will not appear for the End-Users consulting their MyProfile.
Please note that a country from which we detected a failed login will never be registered as “Usual Country” on the IDECSI platform.
NEW - Alerts for Brute Force attempts
For Office 365 environments, a new alert rule has been deployed on the Global resources which monitor the brute force attacks.
If someone fails accessing its Office 365 account more than one time in a determined period (6 hours by default), IDECSI will alert you instantly.
NEW - Profile creation after end-user's MyProfile validation
At the end of the learning phase, the end-user will receive the link to the MyProfile page.
Once he has confirmed that all the information are correct, the IDECSI platform will automatically update the profile based on all information validated by the user. In case of an anomaly reported by the user, no update will be made for the related information.
The system will automatically create permissions for legitimate delegates, it will register legitimate mobile devices and usual countries.
UPDATE - No alerts sent when a MFP right is downgraded
When a Mailbox Folder Permission right which have been previously assigned is downgraded, IDECSI do no longer send an alert for this type of configuration change.
Ex. VIP 1 previously assigned Owner rights on his calendar for Delegate 1. VIP 1 decides to switch the right level from Owner to Author.
This would usually trigger an alert because of the configuration change, but as the Author right is inferior to the Owner right, it won’t happen.
In terms of security, downgrading a right is rarely dangerous for a protected user.
NEW - Events can be flagged as 'Technical'
4.18.1 (15/11/2019)
NEW - User profile: management of the usual countries
NEW - Collected data: filters
NEW - Displaying the instance of the resource and icons
NEW - OnePage Report Customization
4.17 (16/09/2019)
NEW - Merge of alerts
Until now, when a new sharing was done on a resource (One Drive, SharePoint, Teams, etc…) or a new delegation configured on an email, the I2A platform issued two separate alerts:
- An alert for a change of rights or new sharing
- An access alert, the first time the beneficiary of the sharing or delegation accessed the resource.
I2A is now able to merge the two operations in order to avoid issuing the access alert.
NEW - Optimized Application Management in O365
The security team can now configure the creation of an alert as soon as a new application accesses a protected resource (for example LinkedIn that accesses your contacts)
Among the choices of the “Connected user” predicate present, the “an application” option is added. If this option is configured, an alert will be generated in case of access by any third party application to the resources.
UPDATE - Automatic deactivation of the protection of a protected resource
If a mailbox is disabled in Exchange, protection within I2A for the same resource will be disabled automatically, so it’s no longer necessary to wait for the information and manually disable the protection in I2A.
UPDATE - Added country predicate in ``Unusual access`` alert notifications
OTHER - Performance improvements, minor improvements and bug fixes
Improved automatic telephone number retrieval in I2A.
Fixed bug concerning the “Role groups” field when exporting to the “Users” section of I2A.
4.15 (01/07/2019)
NEW - Configuration alert management
In Azure AD, alerts following the addition of applications or the addition of permissions for applications
For Azure AD groups, alerts in the event of addition or modification of permissions for a linked protected resource (eg. adding an owner in Teams)
Alerts following changes in SharePoint and OneDrive sharing policies (eg. allowing anonymous sharing on the tenant)
Alerts following E-Discovery actions via Content-Search
Separation of SharePoint / OneDrive sharing alerts into internal / external subtypes
Taking into account the expiration date of anonymous sharing in SharePoint / OneDrive (if the user closes an alert regards time-limited anonymous sharing, new anonymous sharing after the time limit will be alerted)
Updated text in alerts for protected users
OTHER - Performance improvements, minor improvements and bug fixes
Richer modification and stopping options for learning, protection, Permanent Audit or Audit.
Addition of Azure AD groups and their members to OnePage and Excel audit reports for SharePoint
For SharePoint lists associated with an Azure AD group (via Teams), we will attempt to link the resource to one of the owners of the group
Improvement of the “repeated actions” predicate (eg LoginFailed on Azure AD resource)
Added expiration date for usual countries (as an option).
You will find here every month the latest news about IDECSI’s products. Don’t hesitate to connect to access the knowledge base or the feature requests.
4.54 (24/01/2023)
NEW - Information banner In MyDataSecurity
- A color: green, orange, red
- An icon from the list of icons available in MyDataSecurity
- A title and a message (in markdown: with formatting, adding link and image possible)
Note 1: banner mechanism will also be used in the future to display personalized messages for users (either manually by the administrators or automatically).
Note 2: As for other customizations, the banner can be scoped on Users, Instances, or Organization Units.
NEW - Display of all sensitivity labels in MyDataSecurity
- Labels considered as “sensitive” will always be displayed in red
- Other labels will be displayed in grey
NEW - Difference between owner and business owner
- (coming soon) Owner of the shared or private channel if applicable
- Microsoft 365 Group Owner if applicable
- SharePoint site owner
- Member of a group with Full Control rights on the SharePoint site
- User with Full Control rights on the SharePoint site
- Site Collection Administrator
NEW - Alert notifications system available as a Teams chat !
UPDATE - Automatic operations : Target collaborative resources
- Users belonging to an automatic operation policy with a high priority level will be evaluated first
- Among these users, potential Business Owners will be prioritized according to their rights level:
- (coming soon) Owner of the shared or private channel if applicable
- Microsoft 365 Group Owner if applicable
- SharePoint site owner
- Member of a group with Full Control rights on the SharePoint site
- User with Full Control rights on the SharePoint site
- Site Collection Administrator
- Among these users, the first user given by the protected collaboration platform will be selected to be Business Owner
4.53 (13/12/2022)
UPDATE - MyDataSecurity UX improvements
- Display of a red dot at the level of the files concerned by a point of attention
- When a user reports an access made from a new country, the country is hidden and the Operation done label no longer appears. The country report is still present in the Operations History.
- Add the date of last access for a country
- The “Operation done” labels no longer appear for countries reported to the security teams
- Merge of the View and Remove tabs in the different modal windows
- Modal windows are now centered at the page level
- When a security group is not yet collected, we precise it instead of writing that it is empty.
NEW - Footer at the bottom of MyDataSecurity
- Image or color for the background
- Between 1 or 5 links
- Each link must meet the different criteria: title with less than 50 characters, url
- An icon can be set for each link among a predefined list. It is possible to add new icon from the Fontawesome base, but not a customized image. Note that the supported version of Fontawesome is the v5.
UPDATE - Change of the behavior of “Validate security profile”
- Title: Hide my points of attention
- Configuration modal: You are about to hide your points of attention. This means that all of the risky items listed below are legitimate (including permissions on your mailbox, sharing links, sharing of sensitive data, and different countries of connection).
- Confirmation button: Confirm
- Confirmation modal: All the points of attention are considered legitimate
UPDATE - Scope a campaign to groups
- Avoid multiplying very fine-grained OUs to meet the needs of administration, customization of uses, and security policies.
- Group people regardless of the entity or local IT they belong to (e.g. the country France, all members of the Finance departments).
NEW - I2A: Automatic operation's provisioning report
- Actual Organization Unit Id
- Actual Organization Unit Full Name
- Expected Organization Unit Id
- Expected Organization Unit Full name
- User I2A Id
- User I2A Full name
- UPN
- Display Name
- Provider Instance Id
- Provider Instance Name
- Provider Type
- Resource Name
- Result
- Current Status
- Expected Status
4.52 (15/11/2022)
UPDATE - MyDataSecurity UX improvements
- The number of attention points displayed for each resource is now hidden in favor of a red dot positioned on the resource icon
- The translations have been improved
- The button “Browse all” on the home page was removed, and the browsing per category was improved.
- The operations history was improved.
- A global operations history is now available on the home page.
- The label “Operation done” is progressively removed for the users for whom a permission was removed on a specific document
- All resources are now collapsed by default (except if there is only one resource)
NEW - New collector for SharePoint On-premises (permissions scope)
- Expert
- MyDataSecurity
- Permission Explorer
UPDATE - Filter operations
- Environment: Provider Instance (ex: Office 365 – Intranet, Office 365 – Mailbox)
- Operation type: Automatic or Manual
- Identity: Identity used in the operation (ex: user principal name for automatic operations)
- Creation date min
- Creation date max
- Status: Pending, In progress, Partial, Complete, Cancelled, Failed
UPDATE - Collect custom information from Azure AD
It is now possible to collect Directory Attributes, in addition to Extension attributes (1-15) from Azure AD for each user (except Open Extension, Schema Extension, Custom Security Attributes).
Please note: today, custom attributes can only be configured via a support request. An evolution is planned during the first half of 2023 to provide an interface for defining the custom attributes to collect.
For example, the Manager id is now collected from Azure AD users. Also, the “EmployeeType” and “OfficeLocation” fields are collected for all Azure AD tenants and will now be displayed in Permission Explorer.
UPDATE - Enforce the sending of a campaign
UPDATE - Prioritization of the campaigns
UPDATE - Machine status in export
4.40 (13/10/2021)
UPDATE - Auto retry for operations
Protection and Audit jobs run from the “Operations” menu are now automatically retried 3 times, every 20 minutes, to work around Microsoft API behavior in case of failure, before the “failed” status is shown to I2A Administrators.
NEW - My Profile Warnings
Any risky configurations or overexposed data are now highlighted within a new section “Warnings” at the beginning of My Profile and in the menu with badges.
Expanding the Warnings section will show related details
This feature is configurable, so please contact your Client Success Manager if you want to add it.
NEW - My Profile link
We added a new button into the MyProfile page. It can be used to provide a link to your knowledge base, online help or user guide.
It allows customisation of:
- its icon
- its URL target
Please feel free to contact your Client Success team in order to customise this change.
NEW - Azure Information Protection integration
IDECSI’s platform now collects metadata from Microsoft Information Protection in order to display sensitivity “labels” per file. It offers several use cases:
- Sensitivity information is given to the end user in the context of its usage, which helps to pinpoint potentially sensitive and overexposed data faster.
- Identify shared sensitive files and their permissions across the whole monitored environment
- Alert on actions involving sensitive data (new share, new permission, new access, …)
- Audit and alert on any change made by an admin regarding sensitivity labels through the Microsoft Office 365 Compliance dashboard
Technical view of the configuration object storing the label configuration. The object is permanently audited; any change or attempted compromise can raise an alert.
- Audit any user labelling activities onto files
Please feel free to contact your Client Success Team or your Sales Engineer.
UPDATE - Remediation
We are now able to block an Azure Active Directory user account as an incident response to an alert (e.g. impossible travel, simultaneous access).
UPDATE - MyProfile SharePoint Sites
UPDATE - MyProfile - highlight potential risks
Company, Anonymous and Guest links created with OneDrive, Teams or SharePoint, as well as Exchange’s default permission object, are now highlighted in red.
This feature is customisable to your internal policy (for instance if you consider such a case to be part of your organisation’s best practices).
Below is a sample of the OneDrive and Mailbox views:
Please feel free to reach your Client Success team.
4.27 (11/08/2020)
NEW - Resources' last actions detection
In order to provide security teams additional visibility on the protected resources and their activity, we developed a new section on the Expert platform on which you can monitor the dates of the last activities on the resources.
This feature is particularly interesting if you want to know if there are unused resources among those which are collected by IDECSI.
In order to access the new section, click on the “Monitoring” link on the left as shown in the image; then apply the filters for a more precise search.
Once the search is done, you can also export it to .csv format by clicking on the export button.
NEW – Rule condition for Administrator operations
There are several scenarios in which O365 administrators have to interact with users’ resources, and for security teams it’s sometimes difficult to obtain information about admins’ actions when needed, so we have improved our capability to detect O365 Administrators’ operations in order to help you.
You can now decide to be alerted on, or flag as safe, some operations made by admins, thanks to a new option added on the “Username” condition when creating a policy.
Please feel free to reach out to your Client Success Manager if you need help to deploy rules or to update the existing ones.
4.25 (15/07/2020)
NEW - German language available
UPDATE – Additional resources protection
UPDATE – Minor improvements & bug fix
Thanks to valuable feedback from our customers, a few bugs have been fixed and some visual or performance improvements have been made.
If you want to make suggestions about our product, you can use our Feature Requests page here: https://extranet.idecsi.com/feature-requests/
4.24 (09/06/2020)
NEW - Alerts autoclose feature (optional)
In order to improve the customer experience for end-user deployments, we now give our customers the possibility to close open alerts automatically after a certain time. The user is no longer required to answer systematically, as alerts with no answer will be closed automatically, and users can focus on the alerts which require their attention.
This feature is fully configurable: you can decide to close an alert either after one or more reminders have been sent for the same alert, or after a defined time-frame.
This option is available on user access and user configuration alerts, not on global configuration alerts or alerts raised from user feedback (Invalid state report).
Alerts closed automatically will be considered valid on the IDECSI platform, and the event which triggered the alert will be considered legitimate.
As the feature is inactive by default, we invite you to contact your Client Success Manager for implementation.
NEW – Tailored learning phase system
Learning phase is one of the key features of the IDECSI platform, as it provides a unique profile for each protected user, based on its accesses and configuration.
So we decided to make this procedure more flexible, allowing you to restart a learning phase for users in an easier and configurable way.
On the user’s Summary page, simply click on the icon as in the image below:
Then select the start date and for how many days you want the data to be considered for the profile creation.
Our engine will analyze the datasets provided for the time-frame and create the profile accordingly, removing all the obsolete rules, devices and permissions for the user and creating new ones.
If a notification rule has been set up for users to receive a MyProfile email at the end of the learning phase, a notification will be sent at the end of each learning phase. Please contact your Customer Success Manager if you need assistance.
UPDATE – New IP addresses filters in the Collected Data
We really believe that the Data Collected page provides real value to our customers in terms of visibility and forensics on the O365 events, so we are improving this module to make your life as simple as possible.
Two additional filters have been added, allowing you to filter Collected Data by IP address or IP Origin.
4.23 (12/05/2020)
NEW - MyProfile campaigns management
This new feature provides an interface where customers can manage their MyProfile campaigns and set up several parameters for the automatic sending of MyProfile emails. You can access this from the “Operation” section in your Expert platform.
We invite you to contact your Client Success Manager for the implementation of your first campaign.
NEW – PowerBI data flow
UPDATE – Default owner for SharePoint library automatic protection or permanent audit
In a context where SharePoint libraries are automatically protected by IDECSI, you can now define a default user to whom these libraries will be attached.
The SharePoint libraries can be consulted on the user’s Summary page and MyProfile.
Once attached to the user’s profile, it will be possible to reassign those libraries to other users directly from the Expert platform or MyProfile.
UPDATE – Edit end users general information on MyProfile
4.22 (14/04/2020)
UPDATE – Configuration Objects collected after alerts are closed
In I2A, some types of alerts are related to Configuration Objects (Inbox Rules, Applications Permissions, Sharing Set, …).
When you close an alert related to one of these objects, the object is automatically collected and updated, providing you with its latest version instantly instead of waiting for the scheduled daily collection.
Since end-users can access their data through MyProfile and report an anomaly such as an old delegation, it’s important that their profile is constantly updated, especially if the change originates from their feedback.
UPDATE – ActiveSync events are excluded for the Geo-localization
Because mobile devices are nomadic by design and can switch network and location very quickly and unpredictably, we decided to exclude the logs related to them from the Geo-localization calculations.
By doing this, we improved our Geo-localization by focusing on reliable sources of information, increasing the precision of all the rules that depend on it, such as “Move too Fast” and “Simultaneous”.
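An added sketch (not IDECSI's code) of a “Move too Fast” style check that drops ActiveSync events before computing travel speed. The event fields, the 900 km/h limit, the 50 km noise floor and the sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_SPEED_KMH = 900.0                            # assumed limit, roughly airliner cruise speed
EXCLUDED_PROTOCOLS = frozenset({"ActiveSync"})   # mobile sync logs are not used for geolocation

@dataclass(frozen=True)
class Access:
    user: str
    when: datetime
    protocol: str
    lat: float
    lon: float

def haversine_km(a, b):
    """Great-circle distance between two accesses, in kilometres."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def move_too_fast(events, max_speed_kmh=MAX_SPEED_KMH, excluded=EXCLUDED_PROTOCOLS):
    """Return (previous, current, km/h) for consecutive accesses by the same user
    whose implied travel speed exceeds the limit, ignoring excluded protocols."""
    findings, last_seen = [], {}
    reliable = [e for e in events if e.protocol not in excluded]
    for cur in sorted(reliable, key=lambda e: e.when):
        prev = last_seen.get(cur.user)
        last_seen[cur.user] = cur
        if prev is None:
            continue
        km = haversine_km(prev, cur)
        if km < 50:                      # same area: treat as geo-IP noise
            continue
        hours = (cur.when - prev.when).total_seconds() / 3600
        speed = float("inf") if hours == 0 else km / hours
        if speed > max_speed_kmh:
            findings.append((prev, cur, speed))
    return findings

# Constructed sample: a phone syncing through a roaming carrier (geolocated in Madrid)
# sits between two desktop sessions in Paris, followed by an IMAP login from New York.
SAMPLE_EVENTS = [
    Access("alice", datetime(2020, 4, 14, 9, 0), "OWA", 48.8566, 2.3522),
    Access("alice", datetime(2020, 4, 14, 9, 30), "ActiveSync", 40.4168, -3.7038),
    Access("alice", datetime(2020, 4, 14, 10, 0), "OWA", 48.8566, 2.3522),
    Access("alice", datetime(2020, 4, 14, 11, 0), "IMAP", 40.7128, -74.0060),
]

if __name__ == "__main__":
    for prev, cur, speed in move_too_fast(SAMPLE_EVENTS):
        print(f"{cur.user}: {prev.protocol} -> {cur.protocol} at {speed:.0f} km/h")
```

With the exclusion in place only the Paris to New York jump is reported; passing `excluded=frozenset()` also reports the two Paris/Madrid hops caused by the phone.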
UPDATE – MyProfile improvements
This update provides general graphic and wording improvements and more details about the protected resources such as the Owners list of a SharePoint library or more details on each Exchange permission.
Customers can now customize colors of MyProfile web page. Check this with your Client Success Manager for more information.
If you have suggestions and ideas about MyProfile and IDECSI in general, please submit them on our “Feature Request” page: https://extranet.idecsi.com/feature-requests/
NEW – User feedback for SharePoint Library ownership
It’s very important to have visibility on SharePoint libraries, but it’s very hard to track all the membership and ownership for each library.
End-users who have been assigned as owner of a SharePoint Library can now tell the team in charge who it actually belongs to, simply by clicking the “not belong to me” button and selecting another person from the list.
If the owner of the SharePoint Library does not appear in the list, they can still search for them in the “Search for another user” section, and it will be reported to the people involved.
If the SharePoint Library is not used anymore, they can report it by clicking the “Delete” button. (This won’t delete the SharePoint Library, of course; it just informs the people in charge.)
4.21 (10/03/2020)
UPDATE – Folder Visible accesses on Default are masked
When a user accidentally activates the “Folder Visible” option on the Default Permission of their mailbox, it might generate several false-positive alerts based on accesses, due to Microsoft activity on the resource.
These are not real accesses, as it’s not possible to access the mailbox only by activating the “Folder Visible” option without assigning a higher permission (author, owner, reader, …); that is why IDECSI now masks these accesses and will not generate the delegate on the user’s MyProfile page.
NEW – New header in Alert Answer for closed alerts
NEW – Search bar for Configuration Objects
Since IDECSI can now collect more configuration objects from different types of resources (Mailbox, OneDrive, Teams, SharePoint, …), we created a search bar in the Expert Platform for the names of the configuration objects, so customers can easily find a specific one without having to filter on the type/name of the resource.
NEW – Permission creation based on configuration objects
In the past, the IDECSI platform used to create Permissions for delegates accessing the protected resources by analyzing the accesses in the last three weeks. So if a legitimate delegate didn’t access during this period, no Permission would have been created.
The system has evolved and now their Permissions are created based on the accesses AND the configuration objects, specifically all the delegates found in the “Mailbox Folder Permission”.
This avoids the false positives that occurred when a legitimate delegate accessed a protected resource AFTER the creation of the Permissions, which triggered an alert.
NEW – End User notification for comments and alerts closing
It’s now possible to set up a notification rule for end-users, allowing them to receive a notification when a new comment is made on their alert, or when an alert has been closed by someone else (Security Team, assistant, …).
Deploying this allows you to create a direct link between end-users and security teams, as they can both receive notifications when a new comment is made on an alert.
Please note that this is an optional feature and it won’t be activated by default.
4.20 (04/02/2020)
NEW - Customization of the header on all products
You can now customize the headers of all our products (MyProfile, Alert Answer, Expert platform, OnePage Report) with a logo and a name:
The header can be also customized on all the emails sent by IDECSI.
To deploy these customizations, please contact your Client Success Manager.
UPDATE - Automatic import of delegates
IDECSI has deployed the automatic import of delegates (users who do not benefit from continuous protection, such as personal assistants and service accounts) in order to strengthen the protection around the protected users by preventing accesses made by compromised delegate accounts.
You can now set up rules in order to be alerted in the event of a delegate’s connection to a protected resource from an unusual country or with an unusual protocol (IMAP/POP/…).
At the end of the learning phase, all the delegates that accessed a protected resource during the learning phase will be automatically imported by IDECSI and a profile created for each.
All the delegates will be imported by default in the company OU (root).
If you prefer that your delegates are imported into a different OU, you can ask your Client Success Manager to change it.
NEW - Login attempts from unusual countries on MyProfile
IDECSI is now able to detect when a login to Office 365 fails. If it occurs from an unusual country, it will appear on MyProfile for the I2A administrators.
However, this information will not appear for the End-Users consulting their MyProfile.
Please note that a country from which we detected a failed login will never be registered as “Usual Country” on the IDECSI platform.
NEW - Alerts for Brute Force attempts
For Office 365 environments, a new alert rule has been deployed on the Global resources which monitors brute force attacks.
If someone fails to access their Office 365 account more than once in a defined period (6 hours by default), IDECSI will alert you instantly.
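An added sketch (not IDECSI's implementation) of the two failed-login behaviours described above: failures from a country outside the user's usual set are surfaced, a country seen on a failed login is not learned as usual, and more than one failure inside a 6-hour window raises a single brute-force alert per burst. The event tuple layout, the learn-on-success step and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=6)   # default period given on the page
MAX_FAILURES = 1              # alert when failures inside the window exceed this

def analyse_logins(events, usual, window=WINDOW, max_failures=MAX_FAILURES):
    """events: iterable of (timestamp, user, country, succeeded).
    usual: dict user -> set of usual countries, updated in place.
    Returns (brute_force_alerts, unusual_country_failures)."""
    recent = defaultdict(deque)       # user -> failure timestamps still inside the window
    failed_from = defaultdict(set)    # user -> countries already seen on failed logins
    alerted = set()                   # users whose current burst has been reported
    brute_force, unusual_failures = [], []
    for ts, user, country, ok in sorted(events, key=lambda e: e[0]):
        q = recent[user]
        while q and ts - q[0] > window:      # expire failures older than the window
            q.popleft()
        if len(q) <= max_failures:           # burst is over, allow a new alert later
            alerted.discard(user)
        if ok:
            # Assumed learning step: only countries never seen on a failure are learned.
            if country not in failed_from[user]:
                usual.setdefault(user, set()).add(country)
            continue
        failed_from[user].add(country)
        if country not in usual.get(user, set()):
            unusual_failures.append((ts, user, country))
        q.append(ts)
        if len(q) > max_failures and user not in alerted:
            alerted.add(user)
            brute_force.append((user, q[0], ts, len(q)))
    return brute_force, unusual_failures

# Constructed sample events: (timestamp, user, country, succeeded)
SAMPLE_LOGINS = [
    (datetime(2020, 2, 3, 8, 0), "alice", "FR", True),
    (datetime(2020, 2, 3, 9, 0), "alice", "FR", False),    # single typo, no alert
    (datetime(2020, 2, 3, 10, 0), "bob", "DE", True),
    (datetime(2020, 2, 3, 20, 0), "alice", "BR", False),
    (datetime(2020, 2, 3, 21, 30), "alice", "BR", False),  # second failure within 6 hours
    (datetime(2020, 2, 3, 22, 0), "alice", "BR", False),   # same burst, no second alert
    (datetime(2020, 2, 4, 8, 0), "alice", "BR", True),     # BR still not learned
]

if __name__ == "__main__":
    usual_countries = {"alice": {"FR"}}
    alerts, unusual = analyse_logins(SAMPLE_LOGINS, usual_countries)
    print(alerts, unusual, usual_countries, sep="\n")
```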
NEW - Profile creation after end-user's MyProfile validation
At the end of the learning phase, the end-user will receive the link to the MyProfile page.
Once they have confirmed that all the information is correct, the IDECSI platform will automatically update the profile based on all information validated by the user. If the user reports an anomaly, no update will be made for the related information.
The system will automatically create permissions for legitimate delegates and register legitimate mobile devices and usual countries.
UPDATE - No alerts sent when a MFP right is downgraded
When a previously assigned Mailbox Folder Permission right is downgraded, IDECSI no longer sends an alert for this type of configuration change.
Ex. VIP 1 previously assigned Owner rights on his calendar to Delegate 1. VIP 1 decides to switch the right level from Owner to Author.
This would usually trigger an alert because of the configuration change, but as the Author right is lower than the Owner right, no alert is sent.
In terms of security, downgrading a right is rarely dangerous for a protected user.
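An added sketch (not IDECSI's implementation) of a downgrade test for Mailbox Folder Permission changes. It goes beyond the Owner-to-Author case above by comparing the individual access rights behind each Exchange role, because the roles are not a simple ladder: Reviewer to Contributor removes read access but adds item creation, so it is not a pure downgrade. The function names, the verdict labels and the sample changes are assumptions constructed for illustration.

```python
# Access rights behind each Exchange mailbox-folder role, per Microsoft's role definitions.
_AUTHOR = {"CreateItems", "DeleteOwnedItems", "EditOwnedItems", "FolderVisible", "ReadItems"}
_EDITOR = _AUTHOR | {"DeleteAllItems", "EditAllItems"}
ROLE_RIGHTS = {
    "Owner": _EDITOR | {"CreateSubfolders", "FolderContact", "FolderOwner"},
    "PublishingEditor": _EDITOR | {"CreateSubfolders"},
    "Editor": _EDITOR,
    "PublishingAuthor": _AUTHOR | {"CreateSubfolders"},
    "Author": _AUTHOR,
    "NonEditingAuthor": _AUTHOR - {"EditOwnedItems"},
    "Reviewer": {"FolderVisible", "ReadItems"},
    "Contributor": {"CreateItems", "FolderVisible"},
    "None": set(),
}

def classify_change(old_role, new_role):
    """Compare two roles by the rights they grant. A missing role (None) means
    no permission existed, so a brand-new delegation counts as an upgrade."""
    old = ROLE_RIGHTS.get(old_role or "None")
    new = ROLE_RIGHTS.get(new_role or "None")
    if old is None or new is None:
        return "unknown"        # unrecognised role name: fail closed and alert
    if new == old:
        return "unchanged"
    if new < old:               # strict subset: rights were only removed
        return "downgrade"
    if new > old:               # strict superset: rights were only added
        return "upgrade"
    return "mixed"              # some rights removed, others added

def triage(changes):
    """changes: iterable of (owner, delegate, folder, old_role, new_role).
    Returns the changes that still deserve an alert, with their verdict."""
    alerts = []
    for owner, delegate, folder, old_role, new_role in changes:
        verdict = classify_change(old_role, new_role)
        if verdict not in ("downgrade", "unchanged"):
            alerts.append((owner, delegate, folder, verdict))
    return alerts

# Constructed sample configuration changes.
SAMPLE_CHANGES = [
    ("vip1", "delegate1", "Calendar", "Owner", "Author"),        # the page's example
    ("vip1", "delegate2", "Inbox", "Reviewer", "Contributor"),
    ("vip2", "delegate3", "Inbox", "Author", "Editor"),
    ("vip2", "delegate4", "Calendar", None, "Reviewer"),         # new delegation
    ("vip3", "delegate5", "Inbox", "Editor", "CustomRole"),      # role not in the table
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_CHANGES):
        print(alert)
```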
NEW - Events can be flagged as 'Technical'
4.18.1 (15/11/2019)
NEW - User profile: management of the usual countries
NEW - Collected data: filters
NEW - Displaying the instance of the resource and icons
NEW - OnePage Report Customization
4.17 (16/09/2019)
NEW - Merge of alerts
Until now, when a new share was created on a resource (OneDrive, SharePoint, Teams, etc…) or a new delegation configured on a mailbox, the I2A platform issued two separate alerts:
- An alert for a change of rights or new sharing
- An access alert, the first time the beneficiary of the sharing or delegation accessed the resource.
I2A is now able to merge the two operations in order to avoid issuing the access alert.
NEW - Optimized Application Management in O365
The security team can now configure the creation of an alert as soon as a new application accesses a protected resource (for example LinkedIn accessing your contacts).
The “an application” option has been added to the choices of the “Connected user” predicate. If this option is configured, an alert will be generated in case of access by any third-party application to the resources.
UPDATE - Automatic deactivation of the protection of a protected resource
If a mailbox is disabled in Exchange, protection within I2A for the same resource will be disabled automatically, so it’s no longer necessary to wait for the information and manually disable the protection in I2A.
UPDATE - Added country predicate in “Unusual access” alert notifications
OTHER - Performance improvements, minor improvements and bug fixes
Improved automatic telephone number retrieval in I2A.
Fixed bug concerning the “Role groups” field when exporting to the “Users” section of I2A.
4.15 (01/07/2019)
NEW - Configuration alert management
In Azure AD, alerts following the addition of applications or the addition of permissions for applications
For Azure AD groups, alerts in the event of addition or modification of permissions for a linked protected resource (e.g. adding an owner in Teams)
Alerts following changes in SharePoint and OneDrive sharing policies (e.g. allowing anonymous sharing on the tenant)
Alerts following E-Discovery actions via Content-Search
Separation of SharePoint / OneDrive sharing alerts into internal / external subtypes
Taking into account the expiration date of anonymous sharing in SharePoint / OneDrive (if the user closes an alert regarding time-limited anonymous sharing, new anonymous sharing after the time limit will be alerted)
Updated text in alerts for protected users
OTHER - Performance improvements, minor improvements and bug fixes
Richer modification and stopping options for learning, protection, Permanent Audit or Audit.
Addition of Azure AD groups and their members to OnePage and Excel audit reports for SharePoint
For SharePoint lists associated with an Azure AD group (via Teams), we will attempt to link the resource to one of the owners of the group
Improvement of the “repeated actions” predicate (e.g. LoginFailed on Azure AD resource)
Added expiration date for usual countries (as an option).