SOLVED
Home

Microsoft Security Advisory 4056318

Emy Loanzon
Contributor

Microsoft posted this advisory in the Office 365 Admin message center.

 

https://docs.microsoft.com/en-us/security-updates/securityadvisories/2017/4056318

 

The advisory wants customers with AAD Connect older than 1.1.654.0 to restrict the AD DS account used in AAD Connect. However, halfway in the article, Microsoft advises that this AD DS account be made a member of Enterprise Admins, Domain Admins and other groups with elevated privileges.

Very confusing.

 

Looking for feedback/guidance from this group.

 

Thank you.

 

2 Replies
Solution

Which part of the article are you referring to? The steps in the Lock down access to the AD DS account section detail which objects will have permission ON the account, not to which group it needs to belong.

 

Fellow MVPs have posted some more detailed instructions on how this should be applied: http://www.expta.com/2017/12/secure-aad-connect-new-build-116540-and.html

https://practical365.com/blog/microsoft-releases-advisory-for-azure-ad-connect-service-account-secur...

Thank you @Vasil Michev for these references!

Related Conversations
Extentions Synchronization
ChirmyRam in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies