Forum Discussion

trond_kristiansen's avatar
trond_kristiansen
Copper Contributor
Nov 03, 2023
Solved

Remove dormant accounts from sensitive groups

Hi!   I'm having an issue with "remove dormant accounts from sensitive groups" in Secure Score.    The sensors are installed on an old Active Directory domain, and i do not know the history of it...
  • Jings's avatar
    Jings
    Feb 29, 2024
    On the 15th of february 2024, the two accounts I had listed as affected by "Remove dormant accounts from sensitive groups" finally cleared, and the Secure Score was updated as "Completed"
    I have not changed anything for months, so I presume this is a fix thats rolled out from MS?
    Can anyone else confirm this?
nick-365's avatar
nick-365
Copper Contributor
Dec 11, 2023
I have the same issue, user previously had Enterprise Admin and admincount=1, has since been removed from all groups, I've tried setting admincount to null and 0, no security permissions on the account allow replicating directory changes yet it's still listed in the "remove dormant accounts from sensitive groups" in Secure Score and marked as sensitive in AAD.

I even tried removing the user from the sync to delete from AAD and then adding back but this did not work.

Did anyone find a workaround for this?
trond_kristiansen's avatar
trond_kristiansen
Copper Contributor
Jan 11, 2024
Jings, nick-365
Sorry for the late response to the both of you! No, i still havent found the originating reason for this, and the problem still remains. I would've loved to get to the bottom of it..
  • JG-Burke's avatar
    JG-Burke
    Brass Contributor
    Jan 31, 2024
    This evaluation by MS just doesn't appear to be completely accurate. My MSOL account for AD connect keeps showing up.

Resources