Sending Automatic Notification Emails to Users

One of the great features of Axonius is the ability to automate and operationalize your data to streamline workflow processes. Using Enforcement Center actions to notify endpoint Users about important information is a great example. Eliminating manual review and information sharing between various groups for simple processes saves time and valuable resources!

One of my colleagues wrote an excellent post recently on identifying Users with expiring accounts in the next day, week, month, etc.

We will use this post as our first use case and discuss how to set up an Enforcement Center action to notify Users whose passwords will expire in the near future.

We will also explore a second use case for notifying Users about potential issues regarding their Device(s).

Use Case 1 – Send Email to Users with Expiring Passwords

We will start by creating and saving a User Query that will identify Users with passwords that expire in the next 14 days.

When executing in our environment, we are provided the list of Users and have added columns to view to reflect our intent.

Next, we will go to Enforcement Center and set up the action necessary to contact this User and notify them of the impending password expiration. Click, ‘Add Enforcement’ in the top right portion and then hit the drop down for ‘Notify’.


Name the ‘Enforcement Set Name’ and choose the action, ‘Send Email to Entities’. Complete the ‘Action Name’ and the ‘Email Subject’ and ‘Custom Message’. Keep in mind you can use HTML code to personalize the email to the user. For our example, we will use ‘FirstName’, which maps back to the ‘First Name’ for the account.

For full reference, visit:

Next, Click on the ‘Trigger’ and select the User module and the Saved Query, as well as automation settings for custom scheduling. Remember, each execution will result in a private email to each individual user. Click ‘Save’.

Use Case 2 – Send Email to Users with Device Issues

For our second use case, we will explore the same Enforcement Center action, except this time we will pivot from a device query. In this example, we will send an email to Users who are associated with Devices that have an outdated version of ‘putty’ installed.

We follow the same steps as above in creating an Enforcement Center Action to ‘Send Email to Entities’, with the main difference being the ‘Trigger’ Query supplied.

There is an obvious question: since we are triggering on a Device Query, and not a User Query – who exactly gets notified?

If we go back to our query results and add the ‘Last Used Users’ column to view, we get our answer.

The email will be sent to each User asset which has an email address that is determined as the Last Used Users for each device.

One last setting to point out in the Enforcement Center Action for ‘Send Email to Entities’ is the checkbox for ‘Send to Device Owner’.

If enabled, an email will be sent to the email address of the device owner (as long as it exists). If disabled, as shown before, an email will be sent to each User asset which has an email address that is determined as the 'Last Used User' for each device.

In the event no ‘Owner’ exists, you can add the value as ‘Custom Data’ to the asset entity record. From the device profile page, select the ‘Custom Data’ record under ‘Adapter Connections’ and click the blue box for ‘Manage Custom Fields’.

From the Field box, select the Aggregated ‘Owner’ option, and fill in the desired value. Click the blue + icon to Add to Field. (The EC Action will use the exact value added to the Custom data field -- so for our use case we will need to supply the email address of our designated 'Owner')

When the Enforcement Center action is performed, the 'Owner' will be sent the notification email.

Please reach out with any questions - thanks for reading!




Please sign in to leave a comment.

Didn't find what you were looking for?

New post