Forum Discussion
jazzer
May 06, 2020 Copper Contributor
Medium Alert Read-only user password to expire shortly on GMSA
Hi Azure ATP Team, my Azure ATP is configured to run with a Group Managed Service Account to read the ADDS. Why does ATP alert me about "Read-only user password to expire shortly" for a GMSA? Kind Rega...
jazzer
May 13, 2020 Copper Contributor
Yes, the alert is still active and the Sensors are still working. I want the system to manage the password. I don't want to have to set the gmsa to "Password never expires"!
The Medium Alert is:
A health issue occurred in contoso
The password for the read-only user, contoso.com\gmsa-ATPSensor$, expires on 5/29/2020 6:58:43 AM UTC. The read-only user is used by the Sensor services to perform LDAP queries against the domain controllers in the environment. If the password expires, the system will stop functioning as expected.
EliOfek
Microsoft
May 13, 2020
jazzer What is the password expiry policy for this account/domain?
The default for gmsa is to roll passwords once a month. Any chance you changed it to something lower?
jazzer
May 13, 2020 Copper Contributor
Hi EliOfek
What do you mean by "changed it to something lower"? The purpose of a gmsa is that the system manages and changes the password, like a computer account. At what intervals the system changes the password should be left to the system. If we can already use a gmsa account in ATP, it should also be able to handle it and not alert me about a password expiration.
The Password Policy is like:
Force user logoff how long after time expires?: Never
Minimum password age (days): 1
Maximum password age (days): 42
Minimum password length: 8
Length of password history maintained: 24
Lockout threshold: Never
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
EliOfek
Microsoft
May 13, 2020
The fact that we even alert on gmsa accounts is a bug, you don't have anything to do in that regard...
There is no question about it.
I asked because I am trying to figure out why it pops up in your case and not in others.
By default, when you define the gmsa account, its password expiry policy is 1 month, but you can change it. My question was if you changed it to something lower than 1 month...
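To answer the interval question raised in the thread, the following added example (not posted by any participant) reads the gMSA's managed password interval and the domain's maximum password age, then prints the date each would imply so they can be compared with the expiry date shown in the health alert. The function name `Get-GmsaRotationInfo` is hypothetical; the account name is the one from the alert text, and the ActiveDirectory RSAT module is assumed to be installed.

```powershell
# Added example: compare a gMSA's own rotation interval with the domain password policy.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-GmsaRotationInfo {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Identity
    )

    # msDS-ManagedPasswordInterval holds the gMSA rotation interval in days.
    $gmsa = Get-ADServiceAccount -Identity $Identity `
        -Properties 'msDS-ManagedPasswordInterval', PasswordLastSet

    # Domain-wide policy (the "Maximum password age" value quoted in the thread).
    $policy = Get-ADDefaultDomainPasswordPolicy

    $interval = $gmsa.'msDS-ManagedPasswordInterval'
    $lastSet  = $gmsa.PasswordLastSet

    # PasswordLastSet can be null if the password has never been set.
    $byInterval = $null
    $byPolicy   = $null
    if ($lastSet) {
        if ($interval) { $byInterval = $lastSet.AddDays($interval) }
        # A MaxPasswordAge of zero means passwords never expire under the domain policy.
        if ($policy.MaxPasswordAge -gt [TimeSpan]::Zero) {
            $byPolicy = $lastSet + $policy.MaxPasswordAge
        }
    }

    [pscustomobject]@{
        Name                        = $gmsa.SamAccountName
        ManagedPasswordIntervalDays = $interval
        PasswordLastSet             = $lastSet
        NextRotationByGmsaInterval  = $byInterval
        DomainMaxPasswordAgeDays    = $policy.MaxPasswordAge.Days
        DateIfDomainPolicyApplied   = $byPolicy
    }
}

# Account name taken from the alert text in this thread.
Get-GmsaRotationInfo -Identity 'gmsa-ATPSensor' | Format-List
```

Whichever of the two computed dates matches the expiry in the alert indicates which value the health check is reading for this account.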