Forum Discussion
Secure Score - Accounts with non-default Primary Group ID
micheleariis This is a new security posture report we released a few days ago.
The report contains entities with a non-default primary group ID, which may indicate an attacker's attempt to escalate privileges subtly, bypassing standard audits for group membership changes.
We will raise a report if the primary group ID of an account is not one of the defaults, or the primary group ID is different from the group that is considered as primary. If that is not the case, please open a support ticket so we can investigate the issue.
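An added example, not part of the thread and not Microsoft's detection logic: a local review of exported account records for the condition described above. The RIDs and `userAccountControl` bits are the standard Active Directory values; the mapping from account type to expected primary group and the sample records are assumptions constructed for illustration.

```python
# Well-known RIDs of the built-in groups AD assigns as a default primary group.
DOMAIN_USERS, DOMAIN_GUESTS, DOMAIN_COMPUTERS = 513, 514, 515
DOMAIN_CONTROLLERS, READONLY_DCS = 516, 521
DEFAULT_RIDS = {DOMAIN_USERS, DOMAIN_GUESTS, DOMAIN_COMPUTERS,
                DOMAIN_CONTROLLERS, READONLY_DCS}

# userAccountControl bits that identify the account type.
NORMAL_ACCOUNT = 0x0200
WORKSTATION_TRUST = 0x1000
SERVER_TRUST = 0x2000
PARTIAL_SECRETS = 0x04000000  # set on read-only domain controllers


def expected_rids(uac):
    """Default primary groups for the account type encoded in uac (assumed mapping)."""
    if uac & PARTIAL_SECRETS:
        return {READONLY_DCS}
    if uac & SERVER_TRUST:
        return {DOMAIN_CONTROLLERS}
    if uac & WORKSTATION_TRUST:
        return {DOMAIN_COMPUTERS}
    if uac & NORMAL_ACCOUNT:
        return {DOMAIN_USERS, DOMAIN_GUESTS}
    return set()


def review(accounts):
    """Return (name, primaryGroupID, reason) for every account worth a look."""
    findings = []
    for a in accounts:
        rid, uac = int(a["primaryGroupID"]), int(a["userAccountControl"])
        if rid not in DEFAULT_RIDS:
            findings.append((a["sAMAccountName"], rid, "non-default primary group"))
        elif rid not in expected_rids(uac):
            findings.append((a["sAMAccountName"], rid,
                             "default group of another account type"))
    return findings


# Constructed sample export (attribute names as returned by LDAP).
SAMPLE = [
    {"sAMAccountName": "alice", "primaryGroupID": 513, "userAccountControl": 0x200},
    {"sAMAccountName": "WS01$", "primaryGroupID": 515, "userAccountControl": 0x1000},
    {"sAMAccountName": "DC01$", "primaryGroupID": 516, "userAccountControl": 0x82000},
    {"sAMAccountName": "svc-backup", "primaryGroupID": 512, "userAccountControl": 0x200},
    {"sAMAccountName": "bob", "primaryGroupID": "516", "userAccountControl": "512"},
]

if __name__ == "__main__":
    for name, rid, reason in review(SAMPLE):
        print(f"{name}: primaryGroupID={rid} ({reason})")
```

Membership granted through `primaryGroupID` is not stored in the group's `member` attribute, so a review like this complements audits of group membership changes rather than duplicating them.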
- micheleariis, Oct 07, 2024, MCT
LiorShapira thank you for your response.
I can't understand why I am getting flagged for the AzureADKerberos account.
- LiorShapira, Oct 07, 2024, Microsoft
micheleariis Thanks for your feedback, this account should not be included, and we are working on a fix. The recommendation will be updated in a couple of days.
- micheleariis, Oct 07, 2024, MCT
LiorShapira Thank you for your response.
I will point out that there are also other recommendations that have already been implemented in my environment, which, however, are reported to me as being executed:
- Ensure that user consent for apps that access company data on their behalf is not allowed
- Enable Microsoft Login ID Identity Protection user risk policies
- Ensure that all privileged accounts have the configuration flag "this account is sensitive and cannot be delegated"