Forum Discussion
AD Connect MSOL_ User + Suspected DCSync Attack
We use AD Connect in order to replicate our on premise AD accounts to Azure AD. The replication process is completed under the context of the 'MSOL_xxxxxxxx' user account. The AD Connect applicatio...
I just found this while searching, in relation to Defender for Identity, and if others do the same I add my response here...
You will get this alert, Suspected DCSync attack (replication of directory services), when you start with Microsoft Defender for Identity. To Exclude the Azure AD Connect Server from causing this alert you can go to Settings - Identity - Exclusions by detection rule and add your Azure AD Connect server as an excluded device.
You will get this alert, Suspected DCSync attack (replication of directory services), when you start with Microsoft Defender for Identity. To Exclude the Azure AD Connect Server from causing this alert you can go to Settings - Identity - Exclusions by detection rule and add your Azure AD Connect server as an excluded device.
...is the correct answer! Thanks a lot 🙂