Jul 09 2023 01:04 PM
We are updating Microsoft Secure Score improvement actions to ensure a more accurate representation of security posture.
When this will happen:
Rollout will begin in mid-July (previously mid-June) and is expected to be complete by late July (previously late June).
How this will affect your organization:
The following Microsoft Defender for Identity recommendations will be added as Microsoft Secure S
Score improvement actions:
Remove the attribute 'password never expires' from accounts in your domain
Remove access rights on suspicious accounts with the Admin SDHolder permission
Manage accounts with passwords more than 180 days old
Remove local admins on identity assets
Remove non-admin accounts with DCSync permissions
Start your Defender for Identity deployment, installing Sensors on Domain Controllers and other eligible servers
Jul 18 2023 01:41 AM - edited Jul 18 2023 06:13 PM
@RioHindle - They need to add more information regarding the improvement action "Remove access rights on suspicious accounts with the Admin SDHolder permission? All sites appear to have this action triggered as NOT COMPLETED but it displays "Users affected - No data to show" and under "Exposed Entities" it is blank with a line at the bottom displaying:
{ISPM_REPORT_SUSPICIOUS_ADMIN_SD_HOLDER_USERS_TABLE_EMPTY_PLACEHOLDER}
Jul 18 2023 06:10 PM
@GaryCutri As of today the "Exposed Entities" section of "Remove access rights on suspicious accounts with the Admin SDHolder permission" now shows "No non-sensitive Admin SDHolder users" but it is still marked as "To address".
Sep 01 2023 01:33 PM
Oct 04 2023 04:01 AM