Skip to content

Commit d69aa96

Browse files
anunesmsanunesms
authored
Update remediation-actions.md
Adding on Okta Remediation.
1 parent cd2cf8a commit d69aa96

File tree

1 file changed

+7
-1
lines changed

1 file changed

+7
-1
lines changed

ATPDocs/remediation-actions.md

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@ To perform any of the [supported actions](#supported-actions), you need to:
3333

3434
## Supported actions
3535

36-
The following Defender for Identity actions can be performed directly on your on-premises identities:
36+
The following Defender for Identity actions can be performed on Identities:
3737

3838
- **Disable user in Active Directory**: This will temporarily prevent a user from signing in to the on-premises network. This can help prevent compromised users from moving laterally and attempting to exfiltrate data or further compromise the network.
3939

@@ -45,6 +45,10 @@ The following Defender for Identity actions can be performed directly on your on
4545

4646
- **Require User to Sign In Again** - Revoke a user’s active sessions
4747

48+
- **Suspend User in Okta** - Temporarily disables a user account. This action can be used when a legit user account was found to be compromised and needed to be disabled
49+
50+
- **Deativate User in Okta** - This action can be used when a non-legit malicous account was detected, to deactivate the account permanently.
51+
4852
Depending on your Microsoft Entra ID roles, you might see additional Microsoft Entra ID actions, such as requiring users to sign in again and confirming a user as compromised. For more information, see [Remediate risks and unblock users](/entra/id-protection/howto-identity-protection-remediate-unblock).
4953

5054
## Roles and Permissions
@@ -56,6 +60,8 @@ Depending on your Microsoft Entra ID roles, you might see additional Microsoft E
5660
|Require User to Sign In Again | - Global Administrator <br>|
5761
| Disable/Enable User in Active Directory | Refer to [Required permissions Defender for Identity in Microsoft Defender XDR](/defender-for-identity/role-groups#required-permissions-defender-for-identity-in-microsoft-defender-xdr)|
5862
| Force Password Reset in Active Directory | Refer to [Required permissions Defender for Identity in Microsoft Defender XDR](/defender-for-identity/role-groups#required-permissions-defender-for-identity-in-microsoft-defender-xdr)|
63+
| Suspend User in Okta | A custom role defined with permissions for Response (manage) Or One of the following Microsoft Entra roles: <br> - Security Operator <br> - Security Administrator <br> - Global Administrator|
64+
| Deativate User in Okta | A custom role defined with permissions for Response (manage) Or One of the following Microsoft Entra roles: <br> - Security Operator <br> - Security Administrator <br> - Global Administrator|
5965

6066

6167
## Related videos

0 commit comments

Comments
 (0)