Skip to main content

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise

Incydr, yes.

CrashPlan for Enterprise, yes.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Other available versions:

On-premises

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Block, deauthorize, and deactivate

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise

Incydr, yes.

CrashPlan for Enterprise, yes.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Other available versions:

On-premises

Overview

Code42 platform administrators can use block, deauthorize, and deactivate actions to control access to data and manage accounts. This article explains the impact each of these actions has on organizations, users, and devices in your Code42 environment.

Considerations

  • You must have administrative role permissions to perform block, deauthorize, and deactivate actions from the Code42 console.
  • You should understand the basic information hierarchy of the Code42 platform, including the definitions below:
Device

A single computer within your Code42 environment, identified by its GUIDMay be used interchangeably with endpoint

User

A single account in your Code42 environment. A user account has a single set of sign-in credentials (username and password) and a single encryption key for all backups. A user always belongs to one (and only one) organization.

Organization

The hierarchical level in the Code42 environment for users and their devices. Each user can belong to only one organization. You can define many settings at the organization level; different organizations can have different settings. An organization can contain child organizations, and an organization can exist without containing any users.

Blocking, deauthorizing, and deactivating at a glance

  • Blocking is a non-destructive action that prevents user access to your Code42 environment.
  • Deauthorizing signs a user out of a specific device. The user can sign in again at any time.
  • Deactivating is a destructive action that stops all activity for a device, user, or organization.

The following table provides additional details about each action:

  Incydr monitoring Backup activity Possible Backup Data Loss Applies to devices Applies to users Applies to organizations
Block Continues Continues No Yes Yes Yes
Deauthorize Stops Stops No Yes No No
Deactivate Stops Stops Yes Yes Yes Yes

Block

Blocking prevents user access to the Code42 environment but is not destructive to existing data. Incydr monitoring and device backups continue without interruption. Specific implications for devices, users, and organizations are detailed below.

Device

When you block a device:

  • Users are signed out of the Code42 app on the blocked device and cannot sign in again on that device.
  • Users cannot access the Code42 app on the device to restore data or change settings.
  • Users can continue to use other devices.
  • Incydr monitoring continues without interruption.
  • Existing backups are not affected.
  • The Code42 service continues backing up new data on the device without interruption.
User

When you block a user:

  • Users cannot sign in to any part of your Code42 environment:
    • Users cannot sign in to the Code42 app on any device.
    • Users cannot sign in to the web-based Code42 console.
  • Users cannot restore data or change settings.
  • Incydr monitoring continues without interruption.
  • Existing backups are not affected.
  • The Code42 service continues backing up new data on the device without interruption.
  • If you have enabled File Metadata Collection, the user's file event data is retained for 90 days.
  • The Audit Log records a user's events for the last 90 days. To maintain Audit Log output for longer than 90 days, export the results to your own systems for storage.
  • Any alerts triggered by the user remain available in Alerts. However, for alerts that are older than 90 days, linked events may not display in Forensic Search.
  • If the user is associated with a case, that case remains available for ongoing investigations.
Organization

When you block an organization, all users in the organization are blocked, as well as all users in child organizations.

Blocks and licenses

Blocked devices still use a license.

Use case examples

  • Theft or loss: you may want backups to continue while searching for the device, but want to prevent unauthorized access to backup archives.
  • Licensing: if you are managing backups for a third party, you may need to block a user for billing purposes.
  • Legal: in legal proceedings, you may need to restrict access to data due to a legal hold. Users on legal hold cannot be deactivated, but they can be blocked. 

Unblock

When you unblock a device, user, or organization, normal access to the Code42 app is restored.

Deauthorize

Deauthorization only applies to devices. Users and organizations cannot be deauthorized. 

When you deauthorize a device:

  • The current user is signed out of the Code42 app. Users can sign in again at any time.
  • No data is deleted. However, Incydr monitoring and backup activity stop until the user signs in again. 
  • Users cannot access the Code42 app to restore data or change settings without signing in again.
  • If you have enabled File Metadata Collection, the user's file event data is retained for 90 days.
  • The Audit Log records a user's events for the last 90 days. To maintain Audit Log output for longer than 90 days, export the results to your own systems for storage.
  • Any alerts triggered by the user remain available in Alerts. However, for alerts that are older than 90 days, linked events may not display in Forensic Search.
  • If the user is associated with a case, that case remains available for ongoing investigations.

Deauthorizations and licenses

Deauthorized devices still use a license.

Use case examples

  • Troubleshooting: deauthorization is sometimes requested by our Customer Champions.
  • Testing: deauthorizing a device can be used to test a user's credentials or other behavior.
  • Theft or loss: the device will be unable to back up or restore files until the user has signed back in to the device.

Deactivate

Deactivation is a destructive action that prevents access to the Code42 environment and removes user data from devices. Specific implications for devices, users, and organizations are detailed below.

Permanent Data Loss Warning
Deactivation can destroy data, unlike blocking or deauthorizing.

  • Deactivated archives on a Code42 cloud destination are placed into cold storage for the configured cold storage period. Once the cold storage period has passed, the archive is permanently deleted.
  • Archives backed up to a local folder or other account device are immediately deleted upon deactivation. Cold storage is only available for Code42 cloud destinations.

For step-by-step recommendations on deactivation, see Deactivate and reactivate users and devices.

Device

When you deactivate a device:

  • Incydr monitoring stops.
  • Device backups stop.
  • The user is signed out of the Code42 app on that device.
  • The user can sign in again at any time, but backup archives previously associated with the device will no longer be present.
  • Restores are not available for files backed up from that device.
  • Backup archives are removed from all backup destinations. The device's backup archive is sent to cold storage. Archives in cold storage do not continue to back up and do not undergo regular archive maintenance. By default, archives are permanently deleted from cold storage after 14 days. To change the default, update the Move deactivated archives to cold storage for quota value.
  • For Code42 environments that use customized Code42 app installers configured to auto-register users, Code42 recommends blocking the device before deactivating. Without first blocking the device, it may reactivate automatically.
User

When you deactivate a user:

  • Incydr monitoring stops for the user.
  • Device backups stop for the user.
  • Users are signed out of all devices and online sessions and cannot sign in to any part of your Code42 environment:
    • Users cannot sign in to the Code42 app on any device.
    • Users cannot sign in to the web-based Code42 console.
    • Users cannot sign in until being reactivated.
  • Backup archives are removed from all backup destinations. All of the user's backup archives are sent to cold storage. Archives in cold storage do not continue to back up and do not undergo regular archive maintenance. By default, archives are permanently deleted from cold storage after 14 days. To change the default, update the Move deactivated archives to cold storage for quota value.
  • If you have enabled File Metadata Collection, the user's file event data is retained for 90 days.
  • The Audit Log records a user's events for the last 90 days. To maintain Audit Log output for longer than 90 days, export the results to your own systems for storage.
  • Any alerts triggered by the user remain available in Alerts. However, for alerts that are older than 90 days, linked events may not display in Forensic Search.
  • If the user is associated with a case, that case remains available for ongoing investigations.
Users on legal hold cannot be deactivated

If users who are custodians under a legal hold are subsequently selected for deactivation (for example, from the Code42 console, a provisioning provider, or API), they are not deactivated immediately because their data must be retained for legal hold purposes. Instead, they are blocked. Once these blocked users are released from legal hold, they are deactivated automatically. 

Organization

When you deactivate an organization, all users in the organization are deactivated, as well as all users in child organizations.

Deactivation and licenses

A deactivated user still uses a license as long as the user's archive exists in cold storage. Once the archive is purged from cold storage, the user no longer consumes a license.

Use case examples

  • Reclaiming licenses: deactivation is the only action that can free licenses that are being used.
  • Offboarding: deactivate a user account when an employee leaves the company.
  • Device recycling: deactivate a device when permanently removing it from service.

Reactivation

Reactivation resumes Incydr monitoring, restores access to the Code42 environment, and makes deactivated backup archives available for use once again by affected users, devices, and the Code42 cloud. For step-by-step instructions on reactivating a deactivated user or device, see Deactivate and reactivate users and devices.

Limited time to recover deactivated archives
Archives must be reactivated before the end of the cold storage period.
Device

When you reactivate a device:

  • Incydr monitoring resumes.
  • Backups resume.
  • The deactivated backup archives are made available for use once again by the device if the device is reactivated before the end of the cold storage period.
User

When you reactivate a user:

  • Incydr monitoring resumes.
  • Backups resume.
  • The deactivated user's backup archives are made available for use once again by each device associated with the user, and all devices associated with this user account are reactivated immediately if the user is reactivated before the end of the cold storage period.
Organization

When you reactivate an organization, all users in the organization are reactivated, as well as all users in child organizations.

  • Was this article helpful?