Two new enhancements are coming to Azure ATP's Identity security posture assessments:

First, we are rolling out new types of Kerberos delegation into Azure ATP's Unsecure Kerberos delegation assessments: Constrained and Resource Based

The new delegation types will show cases when a non-sensitive entity has been configured with constrained Kerberos delegation that points to a sensitive entity and when a sensitive entity has resource based constrained delegation configured for it, both allowing a malicious actor with a potential privilege escalation path if abused.

to make things easier to configure, we will surface the exact delegation details that needs to be removed

Furthermore, we are adding the much-requested Tags and Recommended action columns, where applicable, to show both the associated Tags (e.g. Sensitive) and the Recommend action per entity

Or.