Block, deauthorize, and deactivate

Overview

Code42 administrators can use block, deauthorize, and deactivate actions to control access to data and manage accounts. This article explains the impact each of these actions have on organizations, users, and devices in your Code42 environment.

Considerations

  • You must have administrative role permissions to perform block, deauthorize, and deactivate actions from the Code42 console.
  • You should understand the basic information hierarchy of the Code42 platform, including the definitions below:
Device

A single computer within your Code42 environment, identified by its GUIDMay be used interchangeably with endpoint

User

A single account in your Code42 environment. A user account has a single set of sign-in credentials (username and password) and a single encryption key for all backups. A user always belongs to one (and only one) organization.

Organization

The hierarchical level in the Code42 environment for users and their devices. Each user can belong to only one organization. You can define many settings at the organization level; different organizations can have different settings. An organization can contain child organizations, and an organization can exist without containing any users.

Blocking, deauthorizing, and deactivating at a glance

  • Blocking is a non-destructive action that prevents user access to your Code42 environment.
  • Deauthorizing signs a user out of a specific device. The user can sign in again at any time.
  • Deactivating is a destructive action that stops all activity for a device, user, or organization.

The following table provides additional details about each action:

  Incydr monitoring Backup activity1 Possible Backup Data Loss1 Applies to devices Applies to users Applies to organizations
Block1 n/a Continues No Yes Yes Yes
Deauthorize1 n/a Stops No Yes No No
Deactivate Stops Stops Yes Yes Yes Yes

1 Backup agent only

Block

Backup agent only

Blocking prevents user access to the Code42 environment but is not destructive to existing data. Device backups continue without interruption. Specific implications for devices, users, and organizations are detailed below.

Device

When you block a device:

  • Users are signed out of the Code42 agent on the blocked device and cannot sign in again on that device.
  • Users cannot access the Code42 agent on the device to restore data or change settings.
  • Users can continue to use other devices.
  • Existing backups are not affected.
  • The Code42 service continues backing up new data on the device without interruption.
User

When you block a user:

  • Users cannot sign in to any part of your Code42 environment:
    • Users cannot sign in to the Code42 agent on any device.
    • Users cannot sign in to the web-based Code42 console.
    • Users cannot register or sign in from a new device.
  • Users cannot restore data or change settings.
  • Existing backups are not affected.
  • The Code42 service continues backing up new data on the device without interruption.
  • File event activity collected via the insider risk agent is retained for 90 days.
  • The Audit Log records a user's events for the last 90 days. To maintain Audit Log output for longer than 90 days, export the results to your own systems for storage.
  • Alerts triggered by the user remain available in Alerts for the duration of your Event data retention period. To maintain alerts for longer than this period, export alert notification details via the Code42 API to an external file or to your security information and event management (SIEM) tool. See the Code42 Developer's Portal for more information on the Code42 API.
  • If the user is associated with a case, that case remains available for ongoing investigations.
Organization

When you block an organization, all users in the organization are blocked, as well as all users in child organizations.

Blocks and licenses

Blocked devices still use a license.

Use case examples

  • Theft or loss: you may want backups to continue while searching for the device, but want to prevent unauthorized access to backup archives.
  • Licensing: if you are managing backups for a third party, you may need to block a user for billing purposes.
  • Legal: in legal proceedings, you may need to restrict access to data due to a legal hold. Users on legal hold cannot be deactivated, but they can be blocked. 

Unblock

When you unblock a device, user, or organization, normal access to the Code42 agent is restored.

Deauthorize

Backup agent only

Deauthorization only applies to devices. Users and organizations cannot be deauthorized. 

When you deauthorize a device:

  • The current user is signed out of the Code42 agent. Users can sign in again at any time.
  • No data is deleted. However, backup activity stops until the user signs in again. 
  • Users cannot access the Code42 agent to restore data or change settings without signing in again.
  • File event activity collected via the insider risk agent is retained for 90 days.
  • The Audit Log records a user's events for the last 90 days. To maintain Audit Log output for longer than 90 days, export the results to your own systems for storage.
  • Alerts triggered by the user remain available in Alerts for the duration of your Event data retention period. To maintain alerts for longer than this period, export alert notification details via the Code42 API to an external file or to your security information and event management (SIEM) tool. See the Code42 Developer's Portal for more information on the Code42 API.
  • If the user is associated with a case, that case remains available for ongoing investigations.

Deauthorizations and licenses

Deauthorized devices still use a license.

Use case examples

  • Troubleshooting: deauthorization is sometimes requested by our Technical Support Engineers.
  • Testing: deauthorizing a device can be used to test a user's credentials or other behavior.
  • Theft or loss: the device will be unable to back up or restore files until the user has signed back in to the device.

Deactivate 

Deactivation is a destructive action that prevents access to the Code42 environment and removes user data from devices. Specific implications for devices, users, and organizations are detailed below.

Insider risk agent

Backup agent