Forum Discussion
Incorrect Secure Score recommendation - Remove unnecessary replication permissions
Hi,
In our environment, we got the "Remove unnecessary replication permissions for Entra Connect AD DS Connector Account" secure score recommendation.
Based on https://learn.microsoft.com/en-us/defender-for-identity/remove-replication-permissions-microsoft-entra-connect, the replication permission is needed when PHS is in use. We are using PTA, but PHS is also enabled as a fallback.
On the Entra Connect server I ran the following:
Import-Module ADSyncDiagnostics
Invoke-ADSyncDiagnostics -PasswordSync
The result is: Password Hash Synchronization cloud configuration is enabled
If I remove the replication permission, we soon receive an alert that password hash sync did not occur.
Is it normal? I would say that the sensor should be able to detect PHS usage and hence not recommend removing the permissions.
Thank you in advance,
Daniel
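The situation described in the post, where a Secure Score recommendation asks for removal of replication rights while PHS is still enabled, can be checked locally before acting on it. The following PowerShell is an added example, not code from the post or from Microsoft: it reads the PasswordHashSync feature flag from the ADSync configuration and lists the replication extended rights the connector account holds on the domain root, then prints a verdict. Assumptions not in the original: the script runs on the Entra Connect server with the ADSync and ActiveDirectory modules installed, and the connector account name (placeholder `CONTOSO\MSOL_connector`) is passed in by the caller.

```powershell
# Added example (not from the original post): compare the PHS feature flag with
# the replication rights held by the Entra Connect AD DS Connector Account.
param(
    # Connector account as DOMAIN\sAMAccountName; placeholder value, replace it.
    [string]$ConnectorAccount = 'CONTOSO\MSOL_connector'
)

Import-Module ADSync
Import-Module ActiveDirectory

# Well-known extended-right GUIDs that together allow directory replication
# (the rights the Secure Score recommendation refers to).
$replicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'Replicating Directory Changes In Filtered Set'
}

# PHS state as recorded in the sync configuration (same source the post's
# Invoke-ADSyncDiagnostics -PasswordSync run reports on).
$phsEnabled = [bool](Get-ADSyncAADCompanyFeature).PasswordHashSync

# Read the ACL of the domain naming context through the AD: PSDrive.
$domainDN = (Get-ADDomain).DistinguishedName
$acl      = Get-Acl -Path "AD:\$domainDN"

# Keep only Allow ACEs for the connector account that grant one of the
# replication extended rights.
$held = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $ConnectorAccount -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
    $replicationRights.ContainsKey($_.ObjectType.Guid.ToString())
} | ForEach-Object { $replicationRights[$_.ObjectType.Guid.ToString()] } | Sort-Object -Unique

Write-Output "PasswordHashSync enabled : $phsEnabled"
Write-Output "Replication rights held  : $(if ($held) { $held -join ', ' } else { '(none)' })"

# Verdict: the rights are only removable when PHS is actually off.
if ($phsEnabled -and $held) {
    Write-Output 'Verdict: PHS is enabled; these rights are required, do not remove them.'
} elseif ($phsEnabled -and -not $held) {
    Write-Output 'Verdict: PHS is enabled but the account lacks replication rights; password hash sync will fail.'
} elseif (-not $phsEnabled -and $held) {
    Write-Output 'Verdict: PHS is disabled; the replication rights are unnecessary and can be removed.'
} else {
    Write-Output 'Verdict: PHS is disabled and no replication rights are held; nothing to do.'
}
```

Run it in an elevated session on the Entra Connect server, supplying the real connector account with `-ConnectorAccount`. If PHS is enabled as a fallback, as in the post, the first verdict line is the expected outcome and the recommendation should be dismissed rather than followed.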