Forum Discussion
rob_wood_8894
Apr 26, 2022
Brass Contributor
Filtering OUs/Users
Hello, I am a newbie in the world of MDI, and on the project I've just joined the end client has a requirement to protect a group of sensitive users housed in an OU in a child domain. There is a ...
rob_wood_8894
May 19, 2022
Brass Contributor
Hi Eli,
We appreciate that this is an unsupported activity and that it is nonsensical from a security perspective, however, these activities have been a necessary evil as we likely won't get approval to install sensors without this exclusion.
As far as activities are concerned, I used a non-protected account to log on to a network device and this was reported in Advanced hunting queries. I did the same activity with a protected account and this wasn't reported in the same query. I assume Advanced Hunting runs its queries against Azure?
EliOfek
Microsoft
May 19, 2022
It does, but it has some latency.
Just want to make sure you understand that even if you can "make it work" "good enough" now,
no one promises you that it will stay like that over time, as it is not designed with such an approach in mind. A future code change might change things.
I still think that there could be cases where such data will be displayed even if not resolved properly.
rob_wood_8894
May 19, 2022
Brass Contributor
Thanks Eli, that helps a lot. I can use the points you make as caveats in the document we are submitting to the client.