What do I need to know?
To help you decrease the possibility of malicious actors obtaining access to your cloud instance and causing a security incident, we’ve introduced a new feature into the Jira & Confluence Cloud Migration Assistants (JCMA & CCMA) to proactively audit the email domains associated with users you’re planning to migrate to the cloud.
Currently migrating? We recommend updating your CMA and reviewing your domains as soon as possible. If your production migration is < 6 weeks away, you can use your current version of the CMAs to migrate, but we recommend additional steps to check your domains. For additional details, please see “What if I’m close to executing my production migration?” below.
Already migrated? Please follow our recommendation below in “What if I have already migrated to cloud?”
Security is a moving target; today's threats are often not tomorrow's. With thousands of cyberattacks daily, Atlassian is always thinking about what those threats will be and how we can fortify our cloud products to protect your data. And data is at the center of how we think about security, whether it’s:
What can products do with your data?
How data flows within a product?
How it flows between products?
Or who has access to it?
Our top priority is your data, which is why the Cloud Migration Assistants (CMAs) are built on top of Atlassian’s trusted cloud platform and use the same security measures as our Marketplace Apps. To further protect your data we’re evolving the CMAs to bring deeper visibility into who will have access to your data before you migrate to the cloud.
In our latest version of JCMA/CCMA, we introduced a new feature to help you proactively audit the email domains associated with the users you’re planning to migrate to the cloud. The goal is to ensure that you’ve assessed these domains and concluded that they can be trusted with the help of your security team. By ensuring that only users from trusted domains are migrated to the cloud, you decrease the possibility of malicious actors obtaining access to your cloud instance and causing a security incident.
In the CMAs, you’ll see a new card labeled “Review all domains” that will bring you to the Trusted Domains assessment screen.
[Screenshots: Before | After]
Here you’ll see all the domains associated with users in your Server or Data Center instance today, and you’ll be able to review each domain to ensure it should be trusted. If a domain isn’t trusted, please see “I’ve found a domain that can’t be trusted what do I do?” below.
This new feature will add a mandatory step before kicking off your migration plans. We recommend assessing your email domains as early as possible in your migration journey.
Email domains should be classified “not trusted” only if your security team is concerned about the following:
not knowing the origin of a domain and user emails using it
not being able to trust the organization that creates emails using that domain
If your security team has no concerns about the domain, it should be considered “Trusted.”
The classification of domains as being “Trusted” or “Not Trusted” should not be taken lightly. If you find a user with an email domain in your Server or Data Center instance that your security team does not trust, you should work with them to investigate why that user still has access to your instance and what the user did in the system. Therefore, the “Not Trusted” classification should be used only for domains that present a security risk. For further details please see the documentation for Jira or for Confluence.
Though we recommend that everyone assess their Server and Data Center domains using this new feature, we understand it may not be possible for some customers in the midst of a migration. To ensure you hit your planned migration date, you can stay on your current version of the CMAs if you’ve successfully tested your migration and your production migration date is <6 weeks away. However, we suggest that you obtain a list of domains by following the steps in “Auditing user email domains by querying the application database” and review your domains before your production migration.
Even if you’ve already migrated to the cloud, we recommend you audit your users regularly. To audit your users in the cloud, you can export a site by following the guide “Auditing user email domains in the Cloud.” If you find any domains that can't be trusted, you can suspend the user in the cloud until your security team can investigate further.
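A minimal offline version of the domain review described above, as an added example (not Atlassian's code and not part of the CMAs): it groups users from an exported user list by email domain and lists every domain your security team has not yet marked as trusted. The CSV column names, the function names and the sample rows are constructed assumptions; adjust them to your actual export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export; column names are assumptions, not a real export schema.
SAMPLE_EXPORT = """username,email
alice,alice@example.com
bob,Bob@Example.COM
carol,carol@partner.example.org
dave,dave@example.com.mailbox.test
erin,erin-at-example.com
frank,
"""

def email_domain(address):
    """Return the normalised domain of an address, or None if it is malformed."""
    address = (address or "").strip()
    local, sep, domain = address.rpartition("@")
    domain = domain.lower().rstrip(".")
    if not sep or not local or "." not in domain or " " in domain:
        return None
    return domain

def audit_domains(export_text, trusted, email_column="email", user_column="username"):
    """Group users by email domain and split domains into trusted / needs review."""
    trusted = {d.lower() for d in trusted}
    by_domain = defaultdict(list)
    malformed = []
    for row in csv.DictReader(io.StringIO(export_text)):
        domain = email_domain(row.get(email_column))
        if domain is None:
            malformed.append(row.get(user_column))
        else:
            by_domain[domain].append(row.get(user_column))
    # Exact match only: a suffix or substring match would accept look-alike
    # domains such as example.com.mailbox.test.
    review = {d: u for d, u in by_domain.items() if d not in trusted}
    accepted = {d: u for d, u in by_domain.items() if d in trusted}
    return accepted, review, malformed

if __name__ == "__main__":
    accepted, review, malformed = audit_domains(SAMPLE_EXPORT, {"example.com"})
    for domain, users in sorted(review.items()):
        print(f"REVIEW  {domain}: {len(users)} user(s): {', '.join(users)}")
    print(f"No usable email address: {malformed}")
```

Users with a missing or malformed address are reported separately so they are reviewed by hand rather than silently skipped.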
If you’re migrating to Cloud and have identified a domain that can’t be trusted, please see https://support.atlassian.com/migration/docs/review-users-to-trust-email-domains/
Renan Battaglin
Senior Product Manager
Atlassian
Sydney, Australia