Forum Discussion

jazzer's avatar
jazzer
Copper Contributor
May 06, 2020

Medium Alert Read-only user password to expire shortly on GMSA

Hi Azure ATP Team, my Azure ATP is configured runs with a Group Managed Service Account to read the ADDS. Why ATP Alert my abount "Read-only user password to expire shortly" by a GMSA?   Kind Rega...
  • EliOfek's avatar
    EliOfek
    May 13, 2020

    The fact that we even alert on gmsa accounts is a bug, you don't have anything to do in that regards...

    There is no question about it..

     

    I asked because I am trying to figure out why it pops in your case and not in others.

    by default, when you define the gmsa account, it's password expiry policy is 1 month, but you can change it. my question was if you changed it to something lower than 1 month...

EliOfek's avatar
EliOfek
Icon for Microsoft rankMicrosoft

jazzer My suggestion is not to mess with it until we manage to fix it. given that you didn't change anything from default, I would suggest to leave it as is and ignore it for now.

Michele D'Angelantonio's avatar
Michele D'Angelantonio
Copper Contributor
Oct 16, 2020

hi EliOfek,

I have the same problem, sensor version 2.128.8744.

The bug is still not fixed?

Thanks

Mike 

  • EliOfek's avatar
    EliOfek
    Icon for Microsoft rankMicrosoft
    Oct 16, 2020

    Michele D'Angelantonio Sadly no, it's prioritized low as it's not causing any real issues on detection.

    you can just ignore those alert for gmsa accounts until we fix it.

Resources