Forum Discussion
Enable Unconstrained Kerberos Delegation
Hi there, By default the group ''Account Operators'' is often used, despite that Microsoft recommend it to keep it empty, but this group has wide permissions in the domain. All the users in Accou...
EliOfekDo you consider to add this detection rule to it?
Or Tsemah Can you please share with Deleted the relevant identity security posture reports?
Huy, what you are suggesting is covered by reports and not alerts, as it is more relevant for dangerous configurations in the environment,
Deleted I can confirm that this feature (Exposing which entity has an unsecure kerberos delegation such as Unconstrained or some variations of constrained\resource based delegations) is in private preview and i hope to share some information about its release soon.
If you would like to know more, you can contact me directly.
