Forum Discussion
Security assessment: Microsoft LAPS usage
Or Tsemah
Having spent some time digging around in our on-prem environment, it looks as if these are objects that have been tombstoned in our AD, probably with the devices in question having been rebuilt multiple times, so this was a false alarm, sorry for wasting your time.
Would it be at all possible to surface the DeviceObjectId property of devices in the downloadable versions of the LAPS reports? This would really help us in reconciling the data, as it is a common identifier between on-prem AD, Azure AD and MDI/MCAS.
Once again, my apologies for the false alarm.
Stuart.
Hopefully it's OK that I jump on this thread.
I have been looking at the LAPS reports this morning and wonder if it's possible to get some more fields added?
A lot of the machines in the report are either disabled or deleted (tombstoned) in AD. I don't see any point in following them up, so it would be good if we could filter them out.
It would also be useful to see if the machine is active or not. Could you add lastLogonTimestamp (the replicated one) so we can see if the machine is worth following up?
Best regards,
Sandy
- Or Tsemah, Jan 27, 2021, Microsoft
Thanks for those suggestions, these are indeed items that we would like to see in the report and we are actively working on making these happen, I'll share an ETA when I have one
- PELADANISHAGRO, Aug 17, 2021, Copper Contributor
Any ETA on this? Could be a good help for us
- Or Tsemah, Aug 17, 2021, Microsoft
PELADANISHAGRO No ETA regarding the added columns, however, tombstoned devices should already be excluded, ping me if they are not