Admins can now configure automated remediation for account takeover cases per action, per platform, and per detection confidence level, and can apply different settings to specific tenants.
What's new:
- Granular Remediation Thresholds: Via the Advanced tab in Automatic Remediation Threshold settings, admins can independently configure which actions (Revoke Sessions, Password Reset, Disable Account) run automatically for M365, Google Workspace, and Okta at High, Medium, and Low confidence levels.
- Simplified and Custom Modes: The Basic tab retains preset options (High confidence only, High and Medium, High/Medium/Low) and adds the Custom option, so admins can choose a simplified approach or unlock fully customized control.
- Per-Tenant Remediation Overrides: Custom Tenant Settings allows admins to define remediation behavior that overrides account-level defaults for individual tenants, supporting organizations with different risk or compliance requirements across their tenant fleet.
Together, these controls give security teams precise authority over how and when Abnormal acts on a compromised account without requiring manual intervention at the case level.
