SOLVED

Unsecure Kerberos delegation still visible after mitigation


Hello,

Azure ATP noticed some accounts with unsecure Kerberos delegation. We deleted the affected accounts in Active Directory. Actually the warning should disappear after that, but it is still visible. I don't understand.

7 Replies

@NinjaKitty 

Azure ATP needs to detect that these accounts are actually deleted, have you seen the "Deleted" tag added to these user account pages in AATP?

@Or Tsemah 

The accounts are still marked as "active" in AATP even though they are deleted in Active Directory.

best response confirmed by NinjaKitty (Occasional Contributor)
Solution

@NinjaKitty 
Make sure the AD account configured in the console has read access to AD's deleted items container.
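The check behind this answer, as an added example that is not part of the thread or of Microsoft's own tooling: it inspects the ACL on the domain's Deleted Objects container, grants the sensor's service account List Contents and Read Property if they are missing (the minimum needed to see tombstones), and then queries the tombstones as that account. The domain, the `CONTOSO\svc-aatp` account name and the Domain Admin context are placeholders and assumptions; `dsacls`, `Get-Acl` on the `AD:` drive and `Get-ADObject -IncludeDeletedObjects` are the standard Windows/RSAT tools.

```powershell
# Added example, not from the thread: verify and, if needed, grant the Azure ATP / Defender for
# Identity directory service account read access to the Deleted Objects container.
# Assumptions (placeholders): domain DC=contoso,DC=com, service account CONTOSO\svc-aatp.
# Run as a member of Domain Admins on a machine with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$domainDN       = (Get-ADDomain).DistinguishedName      # e.g. DC=contoso,DC=com
$deletedObjects = "CN=Deleted Objects,$domainDN"
$serviceAccount = "CONTOSO\svc-aatp"                     # placeholder: the account set in the AATP console

# 1. Show the current ACL. By default only the domain's Administrators can read this container,
#    so an ordinary service account never sees tombstones and the portal keeps the user "active".
Write-Host "Current ACL on $deletedObjects"
dsacls $deletedObjects

# 2. Does the service account already hold List Contents (LC) + Read Property (RP)?
$rights  = [System.DirectoryServices.ActiveDirectoryRights]
$acl     = Get-Acl -Path "AD:\$deletedObjects"
$hasRead = $acl.Access | Where-Object {
    $_.IdentityReference -eq $serviceAccount -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band $rights::ListChildren) -and
    ($_.ActiveDirectoryRights -band $rights::ReadProperty)
}

if (-not $hasRead) {
    # 3. The container is owned by the built-in Administrators group, so take ownership first,
    #    then grant read-only rights (LCRP). No write or delete rights are needed.
    dsacls $deletedObjects /takeownership
    dsacls $deletedObjects /G "${serviceAccount}:LCRP"
    Write-Host "Granted LCRP on $deletedObjects to $serviceAccount"
}

# 4. Confirm the service account can actually enumerate deleted users. With the right ACL this
#    returns the tombstones; without it the query fails or returns nothing.
$cred = Get-Credential -UserName $serviceAccount -Message "Password of the AATP service account"
Get-ADObject -Filter 'isDeleted -eq $true -and objectClass -eq "user"' `
             -IncludeDeletedObjects -Credential $cred -Properties whenChanged, lastKnownParent |
    Select-Object Name, whenChanged, lastKnownParent
```

Deleted users are moved into this container as tombstones whether or not the AD Recycle Bin is enabled, so the read right is what lets the sensor notice the deletion; expect the "Deleted" tag to appear only after the next directory sync rather than immediately.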

That was it. Thank you very much.

Sorry for late reply. I had trouble logging into techcommunity with my federated account.
I have the same problem (an account deleted in AD is still marked as active in AATP), but AD does not have the Recycle Bin active because of the functional level, which I cannot raise.
Can you suggest something to solve this problem?
Thank you
We have plans to discover deleted objects without the deleted items folder, by checking activity times. I think it's active for some preview customers; I'm not sure about the status of it.
Can you email AatpFeedback at microsoft com and describe the issue you are facing in this email?
Yes, I can, for sure!
Thank you