Sensitivity Tags for Groups


According to Microsoft Defender for Identity entity tags in Microsoft 365 Defender | Microsoft Learn, many groups are automatically tagged as sensitive, but I don't see any indication of this in the MDI settings portal at Identities - Microsoft 365 security.

Is this tagging hidden, or is something wrong in my environment? 

2 Replies
I wondered this too after our initial deployment, thinking this table would be populated automatically over time, and waited.

Yesterday, I was running some PowerShell scripts with my admin account (this account has the Security Administrator AAD role and is an ADDS Domain Admin) from our hybrid Exchange server to one of our DCs, and I triggered a "Remote code execution" alert in MDI. In the "Important Information" area of the alert, one of the points specifies: "Potential sensitive lateral movement path identified to sensitive user(s), that includes *SERVER*."

So, in conclusion, I think the verbiage in that article means that any identities that satisfy that list of criteria are automatically and implicitly tagged as sensitive, so they won't show up in that table. I went ahead and explicitly added my admin account to that Sensitive Tag table, however.

@Dean Gross MDI automatically tags members of these groups as Sensitive; you can find it on their identity page.

Furthermore, you can manually tag additional identities as sensitive through the settings screens
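Because implicitly tagged identities never appear in the manual tag table, an admin who wants to know who is covered has to resolve the membership of the sensitive groups themselves. The script below is an added example, not from this thread or from Microsoft; it assumes the ActiveDirectory RSAT module is available and that $SensitiveGroups is filled in from the group list in the MDI entity-tags article (only two well-known names are given here as a starting point).

```powershell
# Added example: list the AD users and computers that are members (directly or
# through nested groups) of the groups MDI treats as sensitive.
# Assumption: the group names come from the MDI entity-tags article; the two
# below are placeholders for that list, not a complete set.
Import-Module ActiveDirectory

$SensitiveGroups = @('Domain Admins', 'Enterprise Admins')   # assumed starting list

function Get-ImplicitlySensitiveIdentities {
    param([string[]]$GroupNames)

    # Keyed by distinguishedName so an account in several groups is reported once
    $results = @{}
    foreach ($groupName in $GroupNames) {
        $group = Get-ADGroup -Filter "Name -eq '$groupName'" -ErrorAction SilentlyContinue
        if (-not $group) { Write-Warning "Group '$groupName' not found"; continue }

        # -Recursive expands nested groups; drop it to see direct members only
        Get-ADGroupMember -Identity $group -Recursive |
            Where-Object { $_.objectClass -in @('user', 'computer') } |
            ForEach-Object {
                if (-not $results.ContainsKey($_.distinguishedName)) {
                    $results[$_.distinguishedName] = [pscustomobject]@{
                        Name = $_.SamAccountName
                        Type = $_.objectClass
                        Via  = [System.Collections.Generic.List[string]]::new()
                    }
                }
                $results[$_.distinguishedName].Via.Add($groupName)
            }
    }
    $results.Values | Sort-Object Name
}

# Report each identity with the sensitive group(s) that make it sensitive
Get-ImplicitlySensitiveIdentities -GroupNames $SensitiveGroups |
    Select-Object Name, Type, @{ n = 'Via'; e = { $_.Via -join ', ' } } |
    Format-Table -AutoSize
```

Comparing this output with the identity pages in the portal is a quick way to confirm that the implicit tags match what you expect before deciding which accounts still need a manual tag.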