cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Veeam Backup and Replication v11 warning / User changes

StephanGee
Steel Contributor

‎Mar 02 2023 11:46 PM

‎Mar 02 2023 11:46 PM

Veeam Backup and Replication v11 warning / User changes

Hi everyone,

 

i recently migrated from ATA to MDI and have 2 questions.

 

In ATA we could see what a helpdesk worker did to a user account (added to group, changed end date etc).  In MDI it seems like we do not get this information. I have set all the Eventlog and audit rights to the DCs and Domain.

 

Also i get the warning about Veeam B&R with Remote Code execution. How can i built a "least privilege" exclusion on this warning?
A user attempted to execute VeeamVssSupport (C:\Windows\VeeamVssSupport\VeeamGuestHelper.exe) on 2 domain controllers via SvcCtl. The remote execution succeeded.

 

I do not want to exclude the whole backupservers for this warning or even the domain controllers as "destination". Is there also a possiblity to exclude a file? 

 

Best regards

Stephan

3,994 Views
0 Likes
8 Replies
Reply
8 Replies
StephanGee

‎Mar 07 2023 10:40 PM

‎Mar 07 2023 10:40 PM

Re: Veeam Backup and Replication v11 warning / User changes

No one is using Veeam with MDI?
I now defined two interaction proxies and excluded them for the specific warning.

 

For the second questions. I miss this on our "helpdesk admins"

StephanGee_0-1678257479636.png

vs MDI

2023-03-08_07h39_45.png

 

Or is this kind of a special right needed (I am Global Admin).

 

0 Likes
Reply
LiorShapira

‎Mar 09 2023 01:00 PM

‎Mar 09 2023 01:00 PM

Re: Veeam Backup and Replication v11 warning / User changes

@StephanGee regarding your second question, no special role is needed. We are working on adding more information to each activity in the identity timeline, as we see below in "group membership changed" example. This change should be available by the end of the month. 

0 Likes
Reply
StephanGee

‎Mar 09 2023 09:50 PM

‎Mar 09 2023 09:50 PM

Re: Veeam Backup and Replication v11 warning / User changes

That's great news! Thank you.
0 Likes
Reply
StephanGee

‎Apr 18 2023 02:11 AM

‎Apr 18 2023 02:11 AM

Re: Veeam Backup and Replication v11 warning / User changes

I could not see anything related in the release notes. https://learn.microsoft.com/en-us/defender-for-identity/whats-new
Was this postponed?
0 Likes
Reply
best response confirmed by StephanGee (Steel Contributor)
LiorShapira

‎May 02 2023 12:21 AM

‎May 02 2023 12:21 AM

Solution

Re: Veeam Backup and Replication v11 warning / User changes

@StephanGee We've updated the group membership changes activities in the user timeline ~2 weeks ago. Please let me know if there's a problem.   

1 Like
Reply
StephanGee

‎May 02 2023 01:59 AM

‎May 02 2023 01:59 AM

Re: Veeam Backup and Replication v11 warning / User changes

Thank you. I can confirm that. It is working.
0 Likes
Reply
IBMer23

‎Aug 24 2023 10:25 AM

‎Aug 24 2023 10:25 AM

Re: Veeam Backup and Replication v11 warning / User changes

I have this same issue, what did you do to resolve ?
0 Likes
Reply
StephanGee

‎Aug 24 2023 10:55 PM

‎Aug 24 2023 10:55 PM

Re: Veeam Backup and Replication v11 warning / User changes

I did this:
"I now defined two interaction proxies and excluded them for the specific warning."

Thats the minimum tune that's possible i think.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by StephanGee (Steel Contributor)
LiorShapira

‎May 02 2023 12:21 AM

‎May 02 2023 12:21 AM

Solution

Re: Veeam Backup and Replication v11 warning / User changes

@StephanGee We've updated the group membership changes activities in the user timeline ~2 weeks ago. Please let me know if there's a problem.   

View solution in original post

1 Like
Reply