cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure AD Connect - Malicious replication of directory services

Trent
Iron Contributor

‎Oct 23 2017 12:50 AM - last edited on ‎Nov 30 2021 10:10 AM by

‎Oct 23 2017 12:50 AM - last edited on ‎Nov 30 2021 10:10 AM by

Azure AD Connect - Malicious replication of directory services

Hi

 

Just implemented ATA and the first alert I got was from the MSOL account Azure AD Connect creates from the server it is running on. Is this to be expected?

 

Thanks

T

4,603 Views
1 Like
7 Replies
Reply
7 Replies
Nicholas DiCola (SECURITY JEDI)

‎Oct 24 2017 04:48 PM

‎Oct 24 2017 04:48 PM

Re: Azure AD Connect - Malicious replication of directory services

are you expecting Azure AD connect to run on that box?  if yes, then exlude the machine from that detection.

0 Likes
Reply
Trent

‎Oct 27 2017 08:03 AM

‎Oct 27 2017 08:03 AM

Re: Azure AD Connect - Malicious replication of directory services

Yes Azure AD Connect is on that machine.

0 Likes
Reply
SeyfAllah .

‎Mar 13 2018 04:24 AM

‎Mar 13 2018 04:24 AM

RE: Azure AD Connect - Malicious replication of directory services

Hello, please exclude the AAD connect server from the detection. Seyfallah Tagrerout Microsoft MVP
1 Like
Reply
Petr Vlk

‎Jun 26 2019 08:24 AM

‎Jun 26 2019 08:24 AM

Re: RE: Azure AD Connect - Malicious replication of directory services

Hi, did you manage how to solve that without exclude the alert from such server?

0 Likes
Reply
Trent

‎Jul 01 2019 01:24 AM

‎Jul 01 2019 01:24 AM

Re: RE: Azure AD Connect - Malicious replication of directory services

@Petr Vlk no, I had to use an exclude

0 Likes
Reply
DrewP2400

‎Jul 05 2019 07:47 AM

‎Jul 05 2019 07:47 AM

Re: Azure AD Connect - Malicious replication of directory services

I too had this same issue and was curious what to do. Thanks for the post
0 Likes
Reply