Security assessment: Unsecure SID History attributes (Microsoft)

What is an unsecure SID History attribute? SID History is an attribute that supports migration scenarios. Every user account has an associated Security Identifier (SID) which is used to track the security principal and the access the account has when connecting to resources. SID History enables access for another account to effectively be cloned to another and is […]

Security assessment: Unmonitored domain controllers (Microsoft)

What are unmonitored domain controllers? An essential part of the Microsoft Defender for Identity solution requires that its sensors are deployed on all organizational domain controllers, providing a comprehensive view for all user activities from every device. For this reason, Defender for Identity continuously monitors your environment to identify domain controllers without an installed Defender […]

Security assessment: Riskiest lateral movement paths (LMP) (Microsoft)

What are risky lateral movement paths? Microsoft Defender for Identity continuously monitors your environment to identify sensitive accounts with the riskiest lateral movement paths that expose a security risk, and reports on these accounts to assist you in managing your environment. Paths are considered risky if they have three or more non-sensitive accounts that can expose the sensitive account […]

Security assessment: Legacy protocols usage (Microsoft)

What are legacy protocols? With all of the standard work enterprises perform to protect their infrastructure using patching and server hardening, one area that often remains overlooked is legacy protocol retirement. Without reducing legacy protocol exposure, credential theft remains relatively easy to accomplish. Most legacy protocols were drafted and created before today’s security needs existed, […]

Security assessment: Microsoft LAPS usage

What is Microsoft LAPS? Microsoft’s “Local Administrator Password Solution” (LAPS) provides management of local administrator account passwords for domain-joined computers. Passwords are randomized and stored in Active Directory (AD), protected by ACLs, so only eligible users can read them or request their reset. What risk does not implementing LAPS pose to an organization? LAPS provide […]

Security assessment: Entities exposing credentials in clear text (Microsoft)

What information does the prevent clear text security assessment provide? This security assessment monitors your traffic for any entities exposing credentials in clear text and alerts you to the current exposure risks (most impacted entities) in your organization with suggested remediation. Why is clear text credential exposure risky? Entities exposing credentials in clear text are […]

Security assessment: Dormant entities in sensitive groups (Microsoft)

What are sensitive dormant entities? Microsoft Defender for Identity discovers if particular users are sensitive along with providing attributes that surface if they are inactive, disabled, or expired. However, sensitive accounts can also become dormant if they are not used for a period of 180 days. Dormant sensitive entities are targets of opportunity for malicious actors to gain sensitive access to your organization. What risk […]

Microsoft Defender for Identity’s identity security posture assessments

Typically, organizations of all sizes have limited visibility into whether or not their on-premises apps and services could introduce a security vulnerability to their organization. The problem of limited visibility is especially true with regard to the use of unsupported or outdated components. While your company may invest significant time and effort on hardening identities and […]

Use activity filters and create action policies with Microsoft Defender for Identity in Microsoft Defender for Cloud Apps

This article is designed to help you understand how to filter and create action policies for Defender for Identity activities using Microsoft Defender for Cloud Apps. For more information about how to complete your integration, see Defender for Identity integration with Defender for Cloud Apps. Core Defender for Identity functionality can be represented in the Microsoft […]