The real beauty of Enzoic for Active Directory is that it continuously monitors your AD accounts for passwords that have been compromised on the dark web. Your installed Enzoic for Active Directory performs this check on a daily 24-hour interval.

Action To Take:

You have a variety of configuration choices to control the behavior when a previously saved password is found to match the Enzoic password policy settings.  

  • User must change password at next logon:

Should a user’s password be found to be compromised, the designated user will be required to change his or her password at next logon.

  • User must change password at next logon (delayed):

Users can be allotted delayed remediation, let’s say 48 hours, until they must change their password.  Input the desired delay time in hours.  Note that you can configure the user to be notified about the discovered compromise as well in all instances.

  • Disable Account:

Should Enzoic determine that a user’s password has suddenly been compromised, the account is promptly disabled.

  • Disable Account (delayed):

This is a good option for users that are off-site or traveling as it allows them enough time to change their password before being locked out.

  • Notification Only:

This option triggers notifications only. This is a good option for a testing environment to discern the severity of your user password vulnerability.  

  • Notify Affected Users by Email When Their Password Is Compromised:

When the 'Notify Affected Users...' , Enzoic will send an alert via Amazon Simple Email Service to inform the user and explain the Action To Be Taken steps as defined above. 

  • Customize Email:

Emails sent to users by Continuous Password Protection whenever their password becomes compromised can be customized. Clicking the “Preview” tab shows the current email template.

  • Company Name – Appears in the header of the email 
  • Logo – Appears in the header. Must be .PNG or JPG at 300px  x 40px
  • Intro Text & Footer Text –These can be used to provide more information about your security policies or to provide links to additional information. 


Delegate Server:

If you have more than one DC in your AD environment, you must designate which DC will communicate with the Enzoic backend data server, as you do not want all DC’s communicating.  If you have only one DC, simply accept the default.  Otherwise, select which server you want to delegate this action to in the drop-down menu.





There is an additional Screen to configure Credentials Monitoring after you click 'Next'. Note that the delegate server is PER installation so changing it on the Credentials Monitoring tab will alter the value you set on the Password Monitoring tab.