Unsecure Kerberos delegation still visible after mitigation

%3CLINGO-SUB%20id%3D%22lingo-sub-1648981%22%20slang%3D%22en-US%22%3EUnsecure%20Kerberos%20delegation%20still%20visible%20after%20mitigation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1648981%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3EAzure%20ATP%20noticed%20some%20accounts%20with%20unsecure%20Kerberos%20delegation.%20We%20deleted%20the%20affected%20accounts%20in%20active%20directory.%20Actually%20the%20warning%20should%20disapere%20after%20that%20but%20is%20still%20visible.%20I%20dont%20unterstand.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1651733%22%20slang%3D%22en-US%22%3ERe%3A%20Unsecure%20Kerberos%20delegation%20still%20visible%20after%20mitigation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1651733%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F766936%22%20target%3D%22_blank%22%3E%40NinjaKitty%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAzure%20ATP%20needs%20to%20detect%20that%20these%20accounts%20are%20actually%20deleted%2C%20have%20you%20seen%20the%20%22Deleted%22%20tag%20added%20to%20these%20user%20account%20pages%20in%20AATP%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hello,

Azure ATP noticed some accounts with unsecure Kerberos delegation. We deleted the affected accounts in active directory. Actually the warning should disapere after that but is still visible. I dont unterstand.

3 Replies
Highlighted

@NinjaKitty 

Azure ATP needs to detect that these accounts are actually deleted, have you seen the "Deleted" tag added to these user account pages in AATP?

Highlighted

@Or Tsemah 

The accounts are still marked as "active" in AATP even though they are deleted in active directory.

@NinjaKitty 
Make sure the AD account configured in the console has read access to AD's deleted items container.