Microsoft Tech Community

Bulk Add for Sensitive Users and Groups ???


Is there a way to bulk add a list of Sensitive Users and Groups?

Thanks,

Troy

3 Replies
Hi Troy,

You may want to check if the users you are trying to add are members of the "by design considered sensitive groups in AD" which are listed here: https://docs.microsoft.com/en-us/defender-for-identity/manage-sensitive-honeytoken-accounts#sensitiv...

I am personally unaware of a PowerShell module being available for MDI which could be used to populate that list from a .csv if you have a genuine reason to define users as Sensitive who don't belong in those "by design" groups.

In the context of "automation" you may want to add those users in the Power Users group in AD as in newer versions of Windows the role is practically obsolete and this would matter only if you have legacy applications which could "use" the related rights and permissions.

No API or other way to do bulk add, but if you create a dedicated security group and add all the users to it, then simply add this one group as sensitive, all its members will be auto-marked as sensitive...
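The dedicated-group workaround from the reply above, as an added example that is not part of the original thread or any Microsoft tooling: it fills one AD security group from a CSV using the standard ActiveDirectory module. The group name, OU path, and CSV file with a `SamAccountName` column are hypothetical placeholders.

```powershell
# Added example. Assumes the ActiveDirectory (RSAT) module and rights to manage groups.
Import-Module ActiveDirectory

$GroupName = 'MDI-Sensitive-Users'                   # hypothetical group name
$GroupPath = 'OU=Security Groups,DC=example,DC=com'  # placeholder OU
$CsvPath   = '.\sensitive-users.csv'                 # constructed input, column: SamAccountName

# Create the dedicated security group once; reuse it on later runs.
try {
    $group = Get-ADGroup -Identity $GroupName -ErrorAction Stop
} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    $group = New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope Global -GroupCategory Security -Path $GroupPath `
        -Description 'Members are tagged Sensitive via this group' -PassThru
}

# Resolve every CSV row to a real account; collect the rows that do not resolve.
$found = @(); $missing = @()
foreach ($row in Import-Csv -Path $CsvPath) {
    $sam = "$($row.SamAccountName)".Trim()
    if (-not $sam) { continue }                      # skip blank rows
    try {
        $found += Get-ADUser -Identity $sam -ErrorAction Stop
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $missing += $sam
    }
}

# Add only accounts that are not already members, so the script is safe to re-run.
$current = @(Get-ADGroupMember -Identity $group |
    Select-Object -ExpandProperty DistinguishedName)
$toAdd = @($found | Where-Object { $current -notcontains $_.DistinguishedName })
if ($toAdd.Count -gt 0) {
    Add-ADGroupMember -Identity $group -Members $toAdd
}

# Summary for the change record.
"Added: $($toAdd.Count); already members: $($found.Count - $toAdd.Count)"
if ($missing.Count -gt 0) { Write-Warning "Not found in AD: $($missing -join ', ')" }
```

Tagging the group itself as sensitive is still the one manual step the reply describes; the script only maintains the group's membership.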

@Eli Ofek

If it ever worked, now it doesn't.

When you tag a security group as sensitive, the group members are not tagged as sensitive.


Update: It is working..... was only a matter of time.... :facepalm:
