Secure Score - Resolve unsecure account attributes

%3CLINGO-SUB%20id%3D%22lingo-sub-1424894%22%20slang%3D%22en-US%22%3ESecure%20Score%20-%20Resolve%20unsecure%20account%20attributes%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1424894%22%20slang%3D%22en-US%22%3E%3CP%3EThe%20secure%20score%20preview%20has%20a%20measurement%20%22Resolve%20unsecure%20account%20attributes.%22%26nbsp%3B%20The%20description%20is%20%22Every%20account%20in%20Active%20Directory%20has%20multiple%20attributes%20representing%20its%20security%20configurations.%20When%20misconfigured%2C%20these%20attributes%20can%20make%20these%20account%20more%20susceptible%20to%20cyberattacks.%20Setting%20these%20attributes%20in%20accordance%20to%20security%20best%20practices%20can%20greatly%20increase%20the%20security%20posture%20of%20your%20accounts.%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAnyone%20know%20where%20any%20additional%20info%20for%20this%20is%3F%26nbsp%3B%20Would%20be%20good%20to%20know%20what%20the%20referenced%20%22best%20practices%22%20are%20and%20if%20they%20are%20specific%20to%20Azure%20AD%20and%2For%20AD.%26nbsp%3B%20The%20%22manage%22%20link%20in%20SS%20doesn't%20seem%20to%20lead%20anywhere%20specific.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThx!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1424894%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ESecure%20Score%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

The secure score preview has a measurement "Resolve unsecure account attributes."  The description is "Every account in Active Directory has multiple attributes representing its security configurations. When misconfigured, these attributes can make these account more susceptible to cyberattacks. Setting these attributes in accordance to security best practices can greatly increase the security posture of your accounts."

 

Anyone know where any additional info for this is?  Would be good to know what the referenced "best practices" are and if they are specific to Azure AD and/or AD.  The "manage" link in SS doesn't seem to lead anywhere specific. 

 

Thx!

1 Reply

So I actually had the exact same problem.   Its something you need to adjust on your local Domain.  You can run a powershell script found here to identify users who don't have passwords required at login, and then set them correctly.  

 

Active Directory Password not Required - IT for DummiesIT for Dummies

 

@g_mac