starman2heven
Oct 25, 2024
Brass Contributor
Secure Score "this account is sensitive and cannot be delegated"
Hi, in Microsoft Secure Score when selecting the recommended action Ensure that all privileged accounts have the configuration flag "this account is sensitive and cannot be delegated" and in the Expo...
starman2heven
Nov 14, 2024
Brass Contributor
LiorShapira Yes, I can confirm that the list of exposed entities now has only 2 devices left. One of them has a DHCP role and the other device object is AzureADKerberos (https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust?tabs=intune#microsoft-entra-kerberos-and-cloud-kerberos-trust-authentication). What is your recommendation for the AzureADKerberos object? It's basically a Read-Only Domain Controller and I would rather not break our Windows Hello authentication.
LiorShapira
Microsoft
Nov 18, 2024
starman2heven We've implemented today an exclusion for ADFS servers, Exchange servers, Certificate servers and AzureADKerberos object. Can you please check the recommendation again? Thanks!