Respond module actions

Once you have configured the Respond module with rules, Respond will alert you when these rules are triggered. This article covers what actions can be taken in a rule.

1. Block Sign In

This action will disable access to a Microsoft 365 / Azure AD account by blocking the account from signing in.

If Respond blocks a user from having sign-in access to Microsoft 365, it might take as long as 24 hours to take effect on all that user’s devices and clients. If you need to immediately prevent a user's sign-in access you must Expire Account Logins and reset their password.

These three Respond actions work well together: Block Sign In, Reset User Password, and Expire Account Logins to sign the user out of all apps and sessions.

2. Force User to Change Password on Next Sign In

This will force a mandatory password change and the end user will have to change the password in the next sign-in.

IMPORTANT Users do not get an email notification that their password needs to be changed.

3. Expire Account Logins

This will initiate a one time event that will sign the user out of all Microsoft 365 sessions.

IMPORTANT This action can take up to 15 minutes for process to complete. This user will be able to immediately sign back in, unless you have also blocked their sign-in status.

4. Reset User Password

This action will perform the following steps:

SaaS Alerts will generate a new password for the user.
SaaS Alerts will send that password to the SMS numbers configured in the rule (usually the MSP Admin creating the rule).
A Change User Password action will be triggered forcing a mandatory password change in next sign-in.

5. Setup User MFA

When this rule is triggered, it will generate a notification to the SMS numbers configured in the rule (usually the MSP Admin creating the rule) with a link to Microsoft 365 to enable multifactor authentication (MFA). Below is the complete list of steps to follow:

In the admin center, select Users and Active Users.
In the Active Users section, click multi-factor authentication.
On the Multi-factor authentication page, select user.
Click Enable under Quick Steps.
In the pop-up window, click Enable Multi-Factor Authentication.

IMPORTANT You must be a Microsoft 365 global admin to set up or modify multi-factor authentication.

6. Delete User

This will delete a specific account in the Microsoft 365 admin center User Management page after the rule conditions are met.

IMPORTANT Don't delete the account if you've set up email forwarding or converted it to a shared mailbox. Both need the account to anchor the forwarding or shared mailbox.

NOTE When you delete a user, the account becomes inactive for approximately 30 days. You have until then to restore the account before it is permanently deleted.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!