Quick Response to a Compromised User/Device
Written by Marissa Orsini
Updated at April 27th, 2023
Table of Contents
Scope:
The following steps will allow you to quickly response if a user/device is suspected to have been compromised.
Requirements:
Access to Manager Portal (Reseller and Higher)
What to do if a user/device credentials are compromised.
- Set user permission to Deny All
- Log in to the Manager Portal and navigate to Domains
- Navigate to Users and click the affected user
- Under the Profile tab, scroll down to Dial Planning and set Dial Permission to Deny All, and click save
- Re-create the user device
- While you're in the user profile, click the Phones tab, make notes of the Mac Address if it's a hard phone device, Model, Record Calls setting, and Name. Click Delete next to the affected device
- Click add phone, Enter the Phone Suffix you noted as name, select Record Calls setting and click Add button. If this is a hard phone, select the model device, Set the Record Calls setting, and enter the MAC address and click Add.
- Reset Manager Portal Password and Voicemail PIN
- Go to Users -> Select the affected user -> Advanced
- Click Force Password Reset
- You may now revert the dial permissions back to what they were, and this user will be all set.