New Kerberos delegation types and columns in our identity security posture assessments

%3CLINGO-SUB%20id%3D%22lingo-sub-1549877%22%20slang%3D%22en-US%22%3ENew%20Kerberos%20delegation%20types%20and%20columns%20in%20our%20identity%20security%20posture%20assessments%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1549877%22%20slang%3D%22en-US%22%3E%3CP%3ETwo%20new%20enhancements%20are%20coming%20to%20Azure%20ATP's%20Identity%20security%20posture%20assessments%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFirst%2C%20we%20are%20rolling%20out%20new%20types%20of%20Kerberos%20delegation%20into%20Azure%20ATP's%20Unsecure%20Kerberos%20delegation%20assessments%3A%20Constrained%20and%20Resource%20Based%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Kerberos.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F208408i194B33BE8EFBB9BF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Kerberos.png%22%20alt%3D%22Kerberos.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20new%20delegation%20types%20will%20show%20cases%20when%20a%20non-sensitive%20entity%20has%20been%20configured%20with%20constrained%20Kerberos%20delegation%20that%20points%20to%20a%20sensitive%20entity%20and%20when%20a%20sensitive%20entity%20has%20resource%20based%20constrained%20delegation%20configured%20for%20it%2C%20both%20allowing%20a%20malicious%20actor%20with%20a%20potential%20privilege%20escalation%20path%20if%20abused.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Eto%20make%20things%20easier%20to%20configure%2C%20we%20will%20surface%20the%20exact%20delegation%20details%20that%20needs%20to%20be%20removed%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Modal.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F208409i2452E436102A1ECB%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Modal.png%22%20alt%3D%22Modal.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFurthermore%2C%20we%20are%20adding%20the%20much-requested%20Tags%20and%20Recommended%20action%20columns%2C%20where%20applicable%2C%20to%20show%20both%20the%20associated%20Tags%20(e.g.%20Sensitive)%20and%20the%20Recommend%20action%20per%20entity%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Columns.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F208410iDD6DBC07F0A2E2D4%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Columns.png%22%20alt%3D%22Columns.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOr.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1549877%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eazure%20atp%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EISP%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Esecurity%20posture%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Highlighted
Microsoft

Two new enhancements are coming to Azure ATP's Identity security posture assessments:

 

First, we are rolling out new types of Kerberos delegation into Azure ATP's Unsecure Kerberos delegation assessments: Constrained and Resource Based

 

Kerberos.png

 

The new delegation types will show cases when a non-sensitive entity has been configured with constrained Kerberos delegation that points to a sensitive entity and when a sensitive entity has resource based constrained delegation configured for it, both allowing a malicious actor with a potential privilege escalation path if abused.

 

to make things easier to configure, we will surface the exact delegation details that needs to be removed

 

Modal.png

 

Furthermore, we are adding the much-requested Tags and Recommended action columns, where applicable, to show both the associated Tags (e.g. Sensitive) and the Recommend action per entity

 

Columns.png

 

Or.

0 Replies