Upcoming Webinar
Understand How Your Peers Approach AD Forest Recovery
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
Unlocking the Secrets of App Security!
In this episode of UnplugIT, Stephen Rose talks to IT expert and technology engineer Sean Hurley about how to secure apps in the cloud.
Essential Eight + Microsoft 365 Backup Compliance
This download allows you to demonstrate exactly how the technology you use keeps customers covered and compliant.
UK Ransomware Guidelines + M365 Backup Compliance
This download allows you to demonstrate exactly how the technology you use keeps customers covered and compliant.

Microsoft Defender for Identity Can Now Detect Insecure Domain Configurations

Microsoft Defender for Identity is getting a new update that enables IT admins to identify insecure domain configurations in their environments. These security capabilities aim to protect businesses from Kerberos resource-based constrained delegation relay attacks.

Specifically, Microsoft Defender for Identity provides real-time monitoring to detect two default configurations that are vulnerable to security breaches. These insecure domains could allow threat actors to gain system privileges by exploiting the Kerberos relaying (KrbRelayUp) hacking tool.

“Configuring Active directory optimal security has always been top of mind for the Microsoft Defender for Identity team and its research them, recent attacks, such as KrbRelayUp, had repeatedly shown us how certain, often default, settings can be used against their intended purpose and result in an identity compromise,” said Or Tsemah, Senior Product Manager for Microsoft Defender for Identity.

Microsoft Defender for Identity Can Now Detect Insecure Domain Configurations

Microsoft highlighted that the “Set ms-DS-MachineAccountQuota” configuration lets attackers configure up to 10 accounts on the target network. The evaluation capability for this default configuration is now available for all users.

Additionally, Microsoft advises IT Pros to enforce the “Require signing” LDAP policy setting because “unsigned network traffic” is subject to man-in-the-middle (MITM) attacks. Basically, LDAP is a directory service protocol that lets users access files, servers, apps, and other IT resources. The firm plans to release the LDAP configuration detection capability within the “next two weeks.”

Microsoft Defender for Identity to add support for configurations

To get started with the new security assessment tool, IT admins can head to the Secure Score section of the Microsoft 365 Defender portal. Now, review the list of improvement actions to find insecure domain configurations. IT Pros can modify or remove the affected configurations as needed.

Overall, it’s great to see that Microsoft is improving its security tools to protect enterprise customers from potential exploitation. Meanwhile, the company also plans to add support for more security posture configuration detections to its Microsoft Defender for Identity solution.

by Rabia Noureen
Jun 27, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

Streamlining SaaS Governance: How Nudge Security Simplifies Compliance and Security Management for Cloud Apps

Oct 30, 2023
Nov 03, 2023
Webinar: Learn How to Keep Critical Web Apps Online and Sensitive Data Secure

May 9, 2023
The Ultimate Guide to Web Application Firewalls (WAF)

Jun 20, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.