Forum Discussion
Secure Score "this account is sensitive and cannot be delegated"
Sblackery Hi, I absolutely agree with you.
The main problem is that these tips should be constantly updated and you don't mistakenly put obsolete remedies; I give the example of LAPS; if you activate it with the modern method, the score is not credited; if you use the one recommended by Microsoft (old procedure), it is; this is to say that many companies follow this score as a guideline and it should be like the bible.
Microsoftmicheleariis Sblackery We are currently working on excluding DC's from this recommendation. We will update our public docs to include remediation steps for device accounts and the recommendation title will be changed as well. All will be available by the beginning of next week.
- Hi - I see the learn documentation has been changed as you stated, but the securescore recommendation has not changed in either title or function (DCs are still listed). Does this mean the remediation steps should be followed for DCs also, or is the securescore update delayed? Thanks!
- LiorShapira
Sblackery The UI title, description and so on will be changed in a couple of days.
The DC's exclusion will be fully deployed by Wednesday. Please let me know if you have any issues.I can confirm that today securescore has marked this recommendation as complete, thank you for that.
There is one small oddity though, which is that the recommendation still lists the DCs in the 'exposed entities' section even though it's completed. I think this might be confusing for people who approach this recommendation from a point where they do have valid exposed entities they need to address, if the DC computer accounts are still listed there, but don't prevent completion.
LiorShapira Thanks
- thank you for this update.
