I'm dealing with a situation where BlackPoint flags a user in Office 365 and disables their account. However, when the Entra Connect Sync runs its next schedule, it re-enables that user because the account in Active Directory (AD) is still active. I understand that since AD is the primary source for this sync, it leads to the user being re-enabled in 365. I was considering having Entra Sync to AD to prevent this, but I understand that user writeback was removed about a decade ago and is unlikely to return. Is there an easy solution I'm overlooking here?
3 Answers
As far as I know, BlackPoint operates primarily in the cloud. If that's the case, it would explain why it only targets the cloud account. Either way, syncing issues like these can be tricky without user writeback capabilities.
You might want to consider having BlackPoint disable the user in the on-premises AD as well. If BlackPoint identifies that the cloud account has issues, it makes sense to also restrict access to the on-prem account to enhance security. I know it seems like a bit of extra work, but it could help prevent potential issues down the line.
I'm curious why BlackPoint wouldn't just disable both accounts if there's a compromise detected in the cloud account. It seems like a good safety measure to ensure both the cloud and on-prem accounts are secured. Maybe check if there’s a setting in BlackPoint that allows handling both accounts simultaneously?
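The approach the answers suggest, disabling the on-premises account so the next sync cycle carries the disabled state to the cloud instead of reverting it, could be scripted as below. This is an added example, not part of the original posts and not BlackPoint's own tooling. The function name `Disable-FlaggedAdUser` and the sample UPN are hypothetical, and it assumes the ActiveDirectory module is installed and, for the sync step, that it runs on the Entra Connect server.

```powershell
# Added example: mirror a cloud-side disable into on-prem AD so that
# Entra Connect Sync does not re-enable the account on its next cycle.
# Disable-FlaggedAdUser is a hypothetical name, not a built-in cmdlet.
#Requires -Modules ActiveDirectory

function Disable-FlaggedAdUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$UserPrincipalName,

        # Trigger a delta sync afterwards (works only on the Entra Connect server).
        [switch]$StartDeltaSync
    )
    begin { $changed = 0 }
    process {
        foreach ($upn in $UserPrincipalName) {
            # Look the account up by UPN; the AD module expands $upn inside the filter.
            $user = Get-ADUser -Filter 'UserPrincipalName -eq $upn'
            if (-not $user) {
                Write-Warning "$upn not found in AD (cloud-only account, or the on-prem UPN differs)."
                continue
            }
            if (-not $user.Enabled) {
                Write-Verbose "$upn is already disabled in AD."
                continue
            }
            if ($PSCmdlet.ShouldProcess($upn, 'Disable on-prem AD account')) {
                Disable-ADAccount -Identity $user
                $changed++
            }
        }
    }
    end {
        # Push the change now instead of waiting for the scheduled cycle.
        if ($StartDeltaSync -and $changed -gt 0) {
            Import-Module ADSync -ErrorAction Stop
            Start-ADSyncSyncCycle -PolicyType Delta
        }
    }
}

# Constructed sample input, dry run only:
# 'flagged.user@contoso.example' | Disable-FlaggedAdUser -StartDeltaSync -WhatIf
```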