Forum Discussion

Copper Contributor

Jul 19, 2023

Remove access rights on suspicious accounts with the Admin SDHolder permission

Hi, Can the Defender Team please add more information regarding the improvement action "Remove access rights on suspicious accounts with the Admin SDHolder permission"? All sites appear to have t...

Threat Analytics

davidgoodfield

Copper Contributor

Jul 25, 2023

We are having the same issue. Still marked as 'To address' but under exposed entities it says 'No non-sensitive Admin SDHolder users'.

GaryCutri
Copper Contributor
Jul 25, 2023
Thanks for the feedback. It's been a week now and our tenants are still listed as "To address". We now have other "Defender for Identity" improvement actions that are completed but listed as "To address" (e.g. Remove dormant accounts from sensitive groups). It's clear that the Identity actions are not being updated and\reported correctly.
- Daniel Naim
  Former Employee
  Jul 25, 2023
  Thanks for surfacing it, this should be resolved in the upcoming MDI version (209)
  
  If that's not the case feel free to tag me again.
  - Daniel Naim
    Former Employee
    Jul 25, 2023
    GaryCutri davidgoodfield
    
    Can you please with me your tenant details? can do it over email.
    daniel.naim@microsoft.com