User Profile

Armpenu

Copper Contributor

Joined Sep 13, 2022

4 Posts1 LikeLikes received

View All Badges

User Widgets

Recent Discussions

Re: GMSA account accessing server apps
Martin, Your time and expertise are appreciated. Thanks!
Sep 15, 2022 Place Microsoft Defender for Identity
2.1KViews
1like
1Comment
Re: GMSA account accessing server apps
Martin_Schvartzman I appreciate the answer, I have additional questions. Why is it necessary to setup the GPO if that is the case? What differences will be noticed once the SAM-R GPO is put into place? Please let me know if where our understanding is correct or not: What you mean is SAM-R is auto enabled in MDI, meaning sensors will start scanning the endpoints for the lateral moment, however you would have to update the SAM-R group policy in individual endpoints for capturing the actual lateral moment activities. In a few words, SAM-R is auto enabled, however for capturing the details successfully we need to make SAM-R GPO changes for individual endpoints.
Sep 14, 2022 Place Microsoft Defender for Identity
2.2KViews
0likes
3Comments
Re: GMSA account accessing server apps
Armpenu This is an example list of the connection we have seen. Date App Server Name User Connection IP Count 8/3/2022 ***323 SVC-MDI-GMSA 10.38.0.151 12 8/4/2022 ***323 SVC-MDI-GMSA 10.38.0.151 8 8/5/2022 ***322 SVC-MDI-GMSA 10.231.128.24 8 8/7/2022 ***323 SVC-MDI-GMSA 10.38.0.151 6 8/8/2022 ***323 SVC-MDI-GMSA 10.38.0.151 6 8/10/2022 ***322 SVC-MDI-GMSA 10.245.32.19 8 8/11/2022 ***324 SVC-MDI-GMSA 10.212.192.81 4 8/11/2022 ***325 SVC-MDI-GMSA 10.212.192.81 12 8/11/2022 ***326 SVC-MDI-GMSA 10.212.192.81 8 8/12/2022 ***324 SVC-MDI-GMSA 10.212.192.81 32 8/12/2022 ***325 SVC-MDI-GMSA 10.212.192.81 52 8/12/2022 ***326 SVC-MDI-GMSA 10.212.192.81 68 8/13/2022 ***322 SVC-MDI-GMSA 10.207.224.5 8 8/13/2022 ***324 SVC-MDI-GMSA 10.212.192.81 28 8/13/2022 ***325 SVC-MDI-GMSA 10.212.192.81 48 8/13/2022 ***326 SVC-MDI-GMSA 10.212.192.81 72 8/14/2022 ***300 SVC-MDI-GMSA 10.212.192.81 4 8/14/2022 ***322 SVC-MDI-GMSA 10.231.128.24 8 8/14/2022 ***324 SVC-MDI-GMSA 10.212.192.81 36
Sep 13, 2022 Place Microsoft Defender for Identity
2.2KViews
0likes
5Comments
GMSA account accessing server apps
We have deployed Microsoft Defender for Identity on our tenant, and we have questions about why the GMSA is connecting to different app servers and IPs. We would like to understand why this is happening. SAMR is not implemented yet. Please let me know if more information is needed.
Solved
Sep 13, 2022 Place Microsoft Defender for Identity
logging
microsoft 365 defender
Sensor
2.6KViews
0likes
6Comments

Recent Blog Articles

No content to show