Forum Discussion
Reconnaissance using account enumeration - how to troubleshoot
Hello, I have a new install of ATA on 6 DC's. 2 DC's are in Azure space for our AD Connect sync/ADFS. Is this alert a common occurance seen on ADFS/WAP servers? safe to create an exception? Sh...
DrewP2400 The accounts that have been uncovered, are they on https://haveibeenpwned.com/ ? In which case it could be a low and slow attack using a list obtained from a breach. Do you have ADFS Proxies as well? Could you put Smart Lockout on? https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection Are you already using Azure MFA?
