Conducting an Audit of User Email Domains in the Cloud
Platform Notice: Cloud and Data Center - This article applies equally to both cloud and data center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
The following article provides step-by-step instructions on creating a consolidated list of domains from the cloud instance, which can be used for auditing.
Solution
Overview
If there has been a recent migration to the Cloud or user audits are being conducted for security reasons, it becomes crucial to ensure that only authorized users have access to the instance by scrutinizing their email domains. In the Cloud, email addresses function as unique identifiers for users and are used for password resets. Therefore, they are a key factor in maintaining instance security.
This article offers a guide on how to compile a thorough list of domains associated with users in the Cloud. With this list in hand, each domain can be examined by the security team to verify its trustworthiness.
Preparing Email Domain for Audit: A Step-by-Step Guide
The steps outlined below utilize Excel to generate a unified list of domains from the Cloud instance. While these steps are designed for Excel, similar steps might work in other spreadsheet tools to get the same results.
To export user emails from the cloud instance, follow the steps outlined in this guide: Export users from a site.
Open the exported CSV file in Excel.
Copy the "email" column and paste it into a new sheet.
In the new sheet, select the “email” column.
Go to the "Data" menu → "Text to Columns" option.
A wizard dialog will open. Choose “Delimited”, then click Next.
Choose “Other” and enter '@' as the delimiter, then click Next.
Then click Finish. A new column containing the domains will be split out from the original emails.
Duplicate the newly created column with domains.
Select the new duplicated column and then go to the “Data” menu → “Remove duplicates” option.
A list of unique domains will be created, which can be used to evaluate whether all domains are trusted.
Count how many times a domain is used by using the COUNTIF function:
Work with the security team to evaluate each email domain. Email domains should be categorized as "Not trusted" only if the security team has concerns about:
Uncertainty regarding the origin of a domain and user emails associated with it
Lack of confidence in the organization responsible for generating emails using that domain
If your security team doesn’t have any concerns about the domain, then it should be considered “Trusted”.
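The same audit can be scripted for large exports. The following is an added example, not part of the original article: it reads the "email" column, counts users per domain, and lists domains that are not on a trusted list. The sample rows, the other column names and the TRUSTED set are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample standing in for the exported users CSV; only the
# "email" column named in the steps above is assumed to exist.
SAMPLE_CSV = """User name,email,User status
Ana Ruiz,ana.ruiz@example.com,Active
Ben Cole,Ben.Cole@Example.com ,Active
Cy Dunn,cy@contractor.example,Active
Di Epps,di@mail.example.org,Suspended
Eli Fox,eli.fox@example.com,Active
Bad Row,not-an-email,Active
"""

# Hypothetical allowlist of domains the security team has marked "Trusted".
TRUSTED = {"example.com", "mail.example.org"}


def domain_of(email):
    """Return the lower-cased domain, or None if the value is not usable."""
    email = (email or "").strip()
    # Split on the last '@' so a stray '@' in the local part cannot hide the domain.
    local, sep, domain = email.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not sep or not local or "." not in domain:
        return None
    return domain


def audit(csv_text, trusted):
    """Count users per domain and split off rows that need manual review."""
    counts, malformed = Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        d = domain_of(row.get("email"))
        if d is None:
            malformed.append(row.get("email"))
        else:
            counts[d] += 1
    untrusted = {d: n for d, n in counts.items() if d not in trusted}
    return counts, untrusted, malformed


if __name__ == "__main__":
    counts, untrusted, malformed = audit(SAMPLE_CSV, TRUSTED)
    for d, n in counts.most_common():
        print(f"{n:4d}  {d}  {'Trusted' if d in TRUSTED else 'REVIEW'}")
    print("Unparseable email values:", malformed)
```

Unlike the spreadsheet steps, this normalizes case and whitespace before counting, so "Example.com" and "example.com" are treated as one domain, and it reports values without a usable domain instead of silently dropping them.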