After determining that a high-risk user account maintains a lower risk score, remove the account from the Zscaler restricted user group using the Response Management app.
This task is supported by the following services:
-
Microsoft Entra ID
 |
ImportantThe Remove from Zscaler Restricted User Group response action becomes available after
you have configured Zscaler Internet Access integration or Zscaler Private Access integration in Third-Party Integration, and after you have added a user account to a ZScaler restricted user group.
You can remove the user account from a Zscaler restricted user group by selecting
Remove from Zscaler Restricted User Group from the context menu in Attack Surface Discovery, Workbench, Observed Attack
Techniques, and the Search app.
|
Procedure
- In the Response Management app, find the user account and click the options button (
) or access the context menu. - Click Remove from Zscaler Restricted User Group.The Remove from Zscaler Restricted User Group screen appears.
- Confirm the targets of the response.
- Specify a Description for the response or event.
- Click Create.Trend Vision One creates the task and displays the current task status in Response Management.
- Monitor the task status.
- Open Response Management.
- (Optional) Locate the task using the Search field or by selecting Remove from Zscaler Restricted User Group from the Action drop-down list.
- View the task status.
-
In progress (
): Trend Vision One sent the command
and is waiting for a response. -
Successful (
): The command was successfully
executed.When successful, the access control policy defined in Zscaler will no longer be applied to the user account. -
Partially successful (
): The task was unsuccessful on one
or more IAM service -
Unsuccessful (
): The task was unsuccessful on all connected IAM
services -
Pending approval (
): The task is pending approval from specified users -
Rejected (
): The task has been rejected
-