Windows Agent
Lavawall® requires local administrator access to install. It then creates a service account to gather the information required to secure your computer.
Linux and Mac Agent
Lavawall® uses a root account to install behind the scenes and then creates an account to run the daemon that secures your computers..
Lavawall® Microsoft 365 / Entra /Azure Permissions
Lavawall does request a lot of Microsoft permissions because it does a lot.
Most of the permissions are pretty self-explanatory. However, some might cause confusion. Here's a summary:
- Maintain Access: Lavawall® regularly monitors your Microsoft 365 tenant and doesn’t need to request you to log in each time
- Read mail in all mailboxes: Lavawall® doesn’t actually read your mail. However, it requires this permission to read the mailbox rules.
One of the first things bad guys do when they take over an account is set rules to redirect invoices and other interesting emails to themselves to modify in order to scam you and your clients. Next, they’ll often hide emails in folders or delete them. Lavawall® catches these, and other indicators of compromise through this permission.
It also retains the rules. Typically, after a breach, the bad guys delete the rules and you’re left with the rule’s GUID in the Purview log. Lavawall® retains the rule so you can do a better forensic examination if required.
If you have any questions or need further assistance, feel free to reach out through our chat, phone or email on our contact page!