# Week 22, 2023

Following an exciting week at Identiverse 2023, we’re starting off the week with a flurry of new capabilities. This week, our headline item is a new check for monitoring activity from untrustworthy Internet Service Providers (ISPs).

### ⚠️ Monitor Activity from Untrustworthy Internet Service Providers&#x20;

You may have noticed that we have recently put a lot of effort into adding more identity-related context from IP addresses. This has included adding in ASN (autonomous system number) data, such as ASN, ASN Domain, ASN Name, ASN Type, and ASN Country.&#x20;

You may want to track activity from ASN domains that are untrustworthy, which is exactly what we have introduced this week with the “Activities from untrustworthy ISP” check. This continuously monitors for successful logins from new ISPs that have a low trust score. New ISPs are those that have not been seen in the last 90 days, and the trust score is calculated from enrichment services and the [Tranco Top 1M](https://tranco-list.eu/) list.

![Untrustworthy ISP](https://oort.io/hs-fs/hubfs/image2-Jun-05-2023-01-59-56-7375-PM.png?width=1999\&height=1057\&name=image2-Jun-05-2023-01-59-56-7375-PM.png)

<figure><img src="https://oort.io/hs-fs/hubfs/image1-Jun-05-2023-01-59-56-6549-PM.png?width=1999&#x26;height=1141&#x26;name=image1-Jun-05-2023-01-59-56-6549-PM.png" alt="" width="375"><figcaption><p>Untrustworthy ISP</p></figcaption></figure>

### 📧 Wizer Security Awareness Videos Available in Check Notification Emails

We recently introduced Wizer security awareness videos into Oort checks. These videos have been available in the Oort Dashboard, as well as in Slack messages that go to impacted Users. Included short videos help the user to understand the associated security risk of their failed check, such as using weak forms of MFA.

Videos are now also available in email-based alerts, further enabling users and managers to understand the importance of identity security.

### Bug Fixes and Minor Improvements

\- Inactive guest account check. In addition to Azure AD, this check also covers Okta, Workday, and Slack accounts.\
\- Password expiration failure. Enhanced explainability to include the associated provider.\
\- RBAC roles. Role-based access controls now apply to Slack and Teams, so users without the appropriate permissions cannot mark checks as “normal behavior” or “interesting”.\
\- Observations “Expired” state. After seven days, Observations will show an “Expired” state. This will help to ensure you do not have stale failed event-based checks.\
\- Azure Factor History. New data displayed within User360 profiles to show the history of an MFA factors in Azure.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.oort.io/release-notes/2023/week-22-2023.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.