Forum Discussion
rob_wood_8894
Apr 26, 2022Brass Contributor
Filtering OUs/Users
Hello, I am a newbie in the world of MDI and on the project i've just joined the end client has a requirement to protect a group of sensitive users housed in an OU in a child domain. There is a ...
- May 19, 2022It does, but it has some latency.
Jsut want to make sure you understand that even if you can "make it work" "good enough" now,
no one promises you that it will stay like that over time, as it it not designed which such approach in mind. a future code change might change things.
I still think that there could be cases where such data will be displayed even if not resolved properly.
EliOfek
Microsoft
There is no official support for such scoping.
Having said that, if indeed the DCs in this country are not communicating in the network level with entities outside the country, then blocking the entities in AD and not installing sensors on those DCs in this country will likely (never tested or verified) cloak them (and any adversary that will operate in this country) , but that's a big "IF" on the no outside communication.
Having said that, if indeed the DCs in this country are not communicating in the network level with entities outside the country, then blocking the entities in AD and not installing sensors on those DCs in this country will likely (never tested or verified) cloak them (and any adversary that will operate in this country) , but that's a big "IF" on the no outside communication.
rob_wood_8894
Apr 26, 2022Brass Contributor
We will be running a POC so it will be useful to see what happens without a sensor being installed on that Child Domain. Clearly it would be reducing the effectiveness of the product if a whole DC was excluded from monitoring so the client would have to mitigate that risk!