New Kerberos delegation types and columns in our identity security posture assessments


Two new enhancements are coming to Azure ATP's Identity security posture assessments:


First, we are rolling out new types of Kerberos delegation into Azure ATP's Unsecure Kerberos delegation assessments: Constrained and Resource Based




The new delegation types will show cases when a non-sensitive entity has been configured with constrained Kerberos delegation that points to a sensitive entity and when a sensitive entity has resource based constrained delegation configured for it, both allowing a malicious actor with a potential privilege escalation path if abused.


to make things easier to configure, we will surface the exact delegation details that needs to be removed




Furthermore, we are adding the much-requested Tags and Recommended action columns, where applicable, to show both the associated Tags (e.g. Sensitive) and the Recommend action per entity





0 Replies