Forum Discussion

micheleariis's avatar
micheleariis
MCT
Oct 04, 2024

Secure Score - Accounts with non-default Primary Group ID

Hi all, I am getting a report that the object (computer) on AzureADKerberos active directory does not have a correct Primary Group ID; I have checked and see no anomalies; does anyone else have this ...
identity protection
microsoft 365 defender
Sensor
micheleariis's avatar
micheleariis
MCT
Oct 07, 2024

LiorShapira thank you for your response.
I can't understand why I am getting flagged for the AzureADKerberos account.

LiorShapira's avatar
LiorShapira
Icon for Microsoft rankMicrosoft
Oct 07, 2024

micheleariis Thanks for your feedback, this account should not be included, and we are working on a fix. The recommendation will be updated in a couple of days. 

  • micheleariis's avatar
    micheleariis
    MCT
    Oct 07, 2024

    LiorShapira Thank you for your response.

    I will point out that there are also other recommendations that have already been implemented in my environment, which, however, is reported to me as being executed

    -Ensure that user consent for apps that access company data on their behalf is not allowed

    -Enable Microsoft Login ID Identity Protection user risk policies

    -Ensure that all privileged accounts have the configuration flag "this account is sensitive and cannot be delegated"

    • micheleariis's avatar
      micheleariis
      MCT
      Oct 07, 2024

      + Enable conditional access policies to block legacy authentication

      +Make sure the Password expiration policy is set to Set passwords as never-expiring (recommended)

      LiorShapira 

       

Resources