All sites covered by the Overe Protect plan have access to threat response features, enabling swift action to mitigate potential security incidents and prevent further impact.
Response actions
We are currently implementing two key actions to mitigate potential security incidents:
Revoke User Session: This action immediately terminates the Microsoft session associated with the affected account, preventing any further activity by a potentially malicious actor.
Block User Account: To prevent unauthorized reaccess, Overe enforces a Conditional Access policy that blocks the compromised account from logging into any Microsoft system. This measure gives administrators time to investigate the incident and implement necessary security steps to protect the system.
The Conditional Access policy managing blocked accounts is listed in Entra as "(Overe) Block Users".
These response actions are available in the User Details Panel within the Users Section and can also be accessed in the context of a potential incident through the Alert Details Panel.
Automatic response
While the features described above require manual intervention, automatic response is currently in private beta and will be announced soon to all Overe Protect users.