Forum Discussion
Secure Score "this account is sensitive and cannot be delegated"
I can confirm that today securescore has marked this recommendation as complete, thank you for that.
There is one small oddity though, which is that the recommendation still lists the DCs in the 'exposed entities' section even though it's completed. I think this might be confusing for people who approach this recommendation from a point where they do have valid exposed entities they need to address, if the DC computer accounts are still listed there, but don't prevent completion.
MicrosoftSblackery Could you please send me an email with your tenant ID? liorshapira@microsoft.com
Hi LiorShapira.
I can confirm that we still see our domain controllers in the 'exposed entities'.
Could you please clarify if it's safe to apply the setting "this account is sensitive and cannot be delegated" to Microsoft DHCP servers and PKI servers?
