After determining that a high-risk user account maintains a lower risk score, remove the account from the Zscaler restricted user group using the Response Management app.
This task is supported by the following services:
-
Microsoft Entra ID
 |
ImportantThe response action is available only after you have configured Zscaler Internet Access integration or Zscaler Private Access integration in Third-Party Integration.
|
Procedure
- In the Response Management app, find the user account and
click the options button (
) at the right of the row. - Click Remove from Zscaler Restricted User Group.The Remove from Zscaler Restricted User Group screen appears.
- Confirm the targets of the response.
- Specify a Description for the response or event.
- Click Create.Trend Vision One creates the task and displays the current task status in Response Management.
- Monitor the task status.
- Open Response Management.
- (Optional) Locate the task using the Search field or by selecting Remove from Zscaler Restricted User Group from the Action drop-down list.
- View the task status.
-
In progress (
): Trend Vision One sent the command
and is waiting for a response. -
Successful (
): The command was successfully
executed.When successful, the access control policy defined in Zscaler will no longer be applied to the user account. -
Partially successful (
): The task was unsuccessful on one
or more IAM service -
Unsuccessful (
): The task was unsuccessful on all connected IAM
services -
Pending approval (
): The task is pending approval from specified users -
Rejected (
): The task has been rejected
-