Recently I cleaned up a SMB client's Workspace users after archiving their data (former employee accounts that had been languishing). In the space of a day or two I did the following for half the ~20 total accounts:
- Moved to no 2FA sub-organization
- Reset password
- Disabled security check for ten minutes
- Logged in as the user in a fresh browser profile
- Exported data with Takeout
- Deleted the account in the admin console
I fully expected to hit some kind of roadblock or delay or for alarm bells to go off for the other admins, but nope, I literally "absconded" with hundreds of gigabytes of data and nuked half the org in short order.
There is a Workspace Admin option to export users' data but it warns of an automatic 48 hour delay to let "other admins take action" if something is amiss. The client wanted the task done before getting hit with the full monthly license fees again so I had to go the manual route.
Granted, out of paranoia, I was using the client's office VPN as my traffic egress so maybe that helped.
Changing your account recovery and 2FA settings then immediately trying to recover your account from an unusual country should temporarily lock out your account, every time, and this is what all normal users want.
Recently I cleaned up a SMB client's Workspace users after archiving their data (former employee accounts that had been languishing). In the space of a day or two I did the following for half the ~20 total accounts:
I fully expected to hit some kind of roadblock or delay or for alarm bells to go off for the other admins, but nope, I literally "absconded" with hundreds of gigabytes of data and nuked half the org in short order.There is a Workspace Admin option to export users' data but it warns of an automatic 48 hour delay to let "other admins take action" if something is amiss. The client wanted the task done before getting hit with the full monthly license fees again so I had to go the manual route.
Granted, out of paranoia, I was using the client's office VPN as my traffic egress so maybe that helped.
people who travel shouldn't trigger account abuse
Changing your account recovery and 2FA settings then immediately trying to recover your account from an unusual country should temporarily lock out your account, every time, and this is what all normal users want.