API usage scenarios for information security

Yandex 360 for Business administrators can control settings that help facilitate information security in the company. Most of these settings can also be managed via the API.

Here are the core API scenarios that security departments may find useful:

• Anti-spam settings: Create, edit, or delete a whitelist of senders with allowed IP addresses and CIDR subnets.

• Yandex Disk audit log: View the list of events in the organization's Yandex Disk audit log.

• Yandex Mail audit log: View the list of events in the organization's Yandex Mail audit log.

• Two-factor authentication (2FA): Enable or disable 2FA for all domain users.

• Reset the phone number for 2FA: Delete an employee's phone number used for two-factor authentication.

• Sign out: Sign out of a specific user account on all devices where there are active sessions.

• Cookie lifetime: Change the lifetime of user session cookies.

• Password policy settings: View or configure the organization's password policy settings. For example, the password expiration period and the ability of users to change passwords on their own.

• Email transport rules: Create filters for processing incoming emails that take priority over user filters. For example, you can set up forwarding of copies of emails that meet specific criteria to a designated address. Or block email delivery from certain senders.

• Auto-reply or forwarding rules: Create auto-reply rules for emails addressed to an employee or rules for forwarding them to other mailboxes within the organization's domain.

• Information about employees: View employee details (for example, whether they have administrator privileges or if their account is blocked or active) or edit them (for example, reset an employee's password or set the flag to change the password at first login).