User Profile
Armpenu
Copper Contributor
Joined Sep 13, 2022
Recent Discussions
Re: GMSA account accessing server apps
Martin_Schvartzman I appreciate the answer, and I have additional questions. Why is it necessary to set up the GPO if that is the case? What differences will be noticed once the SAM-R GPO is put into place? Please let me know whether our understanding is correct or not: What you mean is SAM-R is auto enabled in MDI, meaning sensors will start scanning the endpoints for the lateral movement; however, you would have to update the SAM-R group policy in individual endpoints for capturing the actual lateral movement activities. In a few words, SAM-R is auto enabled; however, for capturing the details successfully we need to make SAM-R GPO changes for individual endpoints.
2.2K Views, 0 likes, 3 Comments
Re: GMSA account accessing server apps
Armpenu This is an example list of the connections we have seen.

Date        App Server Name   User           Connection IP    Count
8/3/2022    ***323            SVC-MDI-GMSA   10.38.0.151      12
8/4/2022    ***323            SVC-MDI-GMSA   10.38.0.151      8
8/5/2022    ***322            SVC-MDI-GMSA   10.231.128.24    8
8/7/2022    ***323            SVC-MDI-GMSA   10.38.0.151      6
8/8/2022    ***323            SVC-MDI-GMSA   10.38.0.151      6
8/10/2022   ***322            SVC-MDI-GMSA   10.245.32.19     8
8/11/2022   ***324            SVC-MDI-GMSA   10.212.192.81    4
8/11/2022   ***325            SVC-MDI-GMSA   10.212.192.81    12
8/11/2022   ***326            SVC-MDI-GMSA   10.212.192.81    8
8/12/2022   ***324            SVC-MDI-GMSA   10.212.192.81    32
8/12/2022   ***325            SVC-MDI-GMSA   10.212.192.81    52
8/12/2022   ***326            SVC-MDI-GMSA   10.212.192.81    68
8/13/2022   ***322            SVC-MDI-GMSA   10.207.224.5     8
8/13/2022   ***324            SVC-MDI-GMSA   10.212.192.81    28
8/13/2022   ***325            SVC-MDI-GMSA   10.212.192.81    48
8/13/2022   ***326            SVC-MDI-GMSA   10.212.192.81    72
8/14/2022   ***300            SVC-MDI-GMSA   10.212.192.81    4
8/14/2022   ***322            SVC-MDI-GMSA   10.231.128.24    8
8/14/2022   ***324            SVC-MDI-GMSA   10.212.192.81    36

2.2K Views, 0 likes, 5 Comments
GMSA account accessing server apps
We have deployed Microsoft Defender for Identity on our tenant, and we have questions about why the GMSA is connecting to different app servers and IPs. We would like to understand why this is happening. SAMR is not implemented yet. Please let me know if more information is needed.
Solved