The real beauty of Enzoic for Active Directory is that it continually monitors your AD accounts for passwords that have been compromised on the dark web. Your installed Enzoic for AD plugin performs this check every 24 hours.
Action To Take:
You have a variety of configuration choices to control the behavior when a previously saved password is found to match the Enzoic password policy settings.
- User must change password at next logon:
Should a user’s password be found to be compromised, the designated user will be required to change his or her password at next logon.
- User must change password at next logon (delayed):
Users can be allotted delayed remediation, let’s say 48 hours, until they must change their password. Input the desired delay time in hours. Note that you can configure the user to be notified about the discovered compromise as well in all instances.
Should Enzoic determine that a user’s password has suddenly been compromised, the account is promptly disabled.
- Disable Account (delayed):
This is a good option for mobile users that are often off premise as it allots them enough time to change their password before being locked out.
This option triggers notifications only. This is a good option for a testing environment to discern the severity of your user password vulnerability.
- Notify Affected Users by Email When Their Password Is Compromised:
When the Notifications checkbox for is enabled, Enzoic will send an alert via Amazon Simple Email Service to inform the user and explain the Action To Be Taken steps as defined above.
Emails sent to users by Continuous Password Protection whenever their password becomes compromised can be customized. Clicking the “Preview” tab shows the current email template.
- Company Name – Appears in the header of the email
- Logo – Appears in the header. Must be .PNG or JPG at 300px x 40px
- Intro Text & Footer Text –These can be used to provide more information about your security policies or to provide links to additional information.
If you have more than one DC in your AD environment, you must designate which DC will communicate with the Enzoic backend data server, as you do not want all DC’s communicating. If you have only one DC, simply accept the default. Otherwise, select which server you want to delegate this action to in the drop-down menu.