Zero Trust Actions

Zero Trust actions allow you to directly respond to risks without leaving the Trend Micro Vision One console.

You can take specific actions on users, devices, or their app access activity manually or automatically based on risk status. After triggering an action, the Zero Trust Secure Access app creates a task and sends the command to the respective enforcement point.

Actions taken manually take precedence over the automated control configured in secure access rules.

The following table describes the actions you can take on users and devices found in your environment for risk remediation.

Action

Description

Disable User Account

Signs the user out of all active application and browser sessions of the user account. It may take a few minutes for the process to complete. Users are prevented from signing in any new session

For more information, see Disable User Account Task.

For more information about how to use this action in a risk control rule, see Creating a Risk Control Rule.

Force Sign Out

Signs the user out of all active application and browser sessions of the user account. It may take a few minutes for the process to complete. Users are not prevented from immediately signing back in the closed sessions or signing in new sessions

For more information, see Force Sign Out Task.

For more information about how to use this action in a risk control rule, see Creating a Risk Control Rule.

Force Password Reset

Signs the user out of all active application and browser sessions, and forces the user to create a new password during the next sign-in attempt. It may take a few minutes for the process to complete

Note:

For extra security, require multi-factor authentication (MFA) before allowing users to change passwords.

For more information, see Force Password Reset Task.

For more information about how to use this action in a risk control rule, see Creating a Risk Control Rule.

Enable User Account

Allows the user to sign in to new application and browser sessions. It may take a few minutes for the process to complete. The user's subsequent sign-in attempts and access requests follow the control by secure access rules

For more information, see Enable User Account Task.

Isolate Endpoint

Disconnects the target endpoint from the network, except for communication with the managing Trend Micro server product

For more information, see Isolate Endpoint Task.

Restore Connection

Restores network connectivity to an endpoint that already applied the Isolate Endpoint action

For more information, see Restore Connection Task.

Monitor Sign-In Attempt

Allows the user to continue with all active application and browser sessions and sign in to new application and browser sessions, and shows the detection on the Access Control History screen

For more information about how to use this action in a risk control rule, see Creating a Risk Control Rule.

Monitor Internal App Access

Allows the access to internal apps configured on Trend Micro Vision One, and shows the activity on the Access Control History screen

For more information about how to use this action in a risk control rule, see Creating a Risk Control Rule.

Block Internal App Access

Blocks access to internal apps configured on Trend Micro Vision One, and shows the activity on the Access Control History screen

For more information, see Block Internal App Access Task.

For more information about how to use this action in a risk control rule, see Creating a Risk Control Rule.

For more information about how to use this action in a permission control rule, see Creating a Permission Control Rule.

Unblock Internal App Access

Allow access to internal apps configured on Trend Micro Vision One

For more information, see Unblock Internal App Access.

Allow Internal App Access

Allows the access to internal apps configured on Trend Micro Vision One, but does not show the activity on the Access Control History screen

For more information about how to use this action in a permission control rule, see Creating a Permission Control Rule.