Can I use Push to detect personal or non-work accounts?

Yes, you can configure an opt-in feature to expand Push’s capabilities to monitor all domains used to access work apps, including personal accounts or other non-company accounts.

Ensure you have consent to collect this information before you enable the feature.

How it works

Typically, the Push browser extension only observes company logins to work apps, using your list of specified company domains to identify employee logins.

However, you might wish to expand this monitoring, such as in cases where employees use unpredictable domains or if employees are using non-company or personal accounts to perform work-related activity.

To expand monitoring to include all activity on work apps, regardless of the email domain used, you can enable the Monitor all domains feature on the Settings page of the Push admin console.

Once enabled, the Push browser extension will treat company domains and non-company domains the same and apply the same password security checks, MFA checks, login method analysis, and activity detection. It will also apply any other configured settings, such as in-browser prompts or ChatOps self-remediation. For example, if Push detects a weak password used by a personal account to access a work app, it will still trigger a ChatOps message to the employee.

In order for a non-company domain account to be detected, the login will still need to be performed using a browser that has been enrolled in Push within your organization.

Ensure you have consent

Ensure you have explicit consent from your employees before using the Monitor all domains feature, for example by updating and communicating your privacy and acceptable use policies. You should also ensure this feature does not impact your compliance status.

With this feature, Push will only detect logins to recognized work apps. If employees log into work apps with a non-company email domain, Push logs their email addresses, the timestamp of each login, the work apps they accessed, and any security findings on the accounts.

Push does not see, collect, or store passwords for any logins it observes. Learn more in this help article.

How this data is used

If the Monitor all domains feature is enabled, Push will treat company domains and non-company domains the same, and you’ll see non-company domains listed among your discovered Accounts and on individual employee records.

You can filter the data in the admin console by whether accounts are tied to company domains or not, or for a specific domain (such as gmail.com).

If you later disable the Monitor all domains feature, Push will not remove any non-company domain data that was collected. You can manually remove it if you wish by using the filter for non-company domains and removing the data using the “Forget account” button.

Non-company domain logins will not be collected for Push’s “other apps” feature, which identifies apps accessed in your environment that may or may not be work-related.