Jan 04 2024 12:27 PM
Hello,
I am trying to understand how I can access vulnerability-specific data just for MDI. I am not that interested in alerts or incidents. Examples of data I am interested in would be known vulnerabilities, misconfigurations, and weaknesses within Active Directory and Azure Active Directory.
So far, looking at the MS Defender console, the data looks pretty scattered to me. The most interesting location I have found looks to be the general "Secure score", filtered on "Identity". However, I only see 35 items listed there. I am not sure if I am looking at the correct location or I am doing something wrong. I have not found a lot of documentation on Identity from more of a vulnerability management perspective. Not sure if someone out there can provide some guidance?
Regards,
Joe
Jan 05 2024 05:28 AM
Hi @danjomartinz,
To retrieve vulnerability-specific data for Microsoft Defender for Identity (MDI), you can utilize the Microsoft Secure Score.
Microsoft Secure Score | Microsoft Learn
Here are the steps:
These assessments offer insights into detections and contextual data regarding known exploitable components and misconfigurations, providing relevant paths for remediation.
They also enable active monitoring for on-premises identities and identity infrastructure.
Here is a list outlining the 16 most common AD vulnerabilities and misconfigurations.
www.infosecmatter.com
For a more comprehensive understanding of vulnerability management, the OWASP Vulnerability Management Guide can be valuable.
It provides practical information on pentesting Active Directory environments, listing common AD vulnerabilities and misconfigurations.
owasp.org
Please click Mark as Best Response & Like if my post helped you to solve your issue.
This will help others to find the correct solution easily. It also closes the item.
If the post was useful in other ways, please consider giving it a Like.
Kindest regards,
Leon Pavesic
(LinkedIn)