User Profile
Arian_van_der_Pijl
Iron Contributor
Joined 8 years ago
Recent Discussions
Re: Microsoft Changes Name of File Deleted Audit Event
First time confusingly looking into the audit logs for who deleted a file. Although this is after the fact that things have changed it is still confusing to see 'Deleted file' as an activity, or I might misunderstand, and this is the state when really purged from the system and recycled is just in the recycle Bin. Time to hit the books :)
233 Views, 0 likes, 0 Comments
Re: Exclude account from secure score 'Remove non-admin accounts with DCSync permissions'
Well, unfortunately it doesn't seem to work. I excluded the MSOL_EntraSync account -> Exclude entities by detection rule -> Suspected DCSync attack (replication of directory services) but it still shows in the 'exposed entities' in Secure Score -> 'Remove non-admin accounts with DCSync permissions'. So esatyaman do you happen to have any further suggestions? Thanks in advance. Because it's my test environment at home (on-premises) I shut it down when not in use but I guess I have waited long enough to conclude the results 🙂
Related: Also the Secure Score for Identity Protection 'Remove the attribute 'password never expires' from accounts in your domain' does list several 'HealthMailbox-xxx' accounts as 'exposed entities'. Accounts are from local AD with local Exchange Servers. Can't find a matching exclusion either. But first at least trying to solve this exclusion 🙂
1.6K Views, 1 like, 1 Comment
Re: Exclude account from secure score 'Remove non-admin accounts with DCSync permissions'
Hi esatyaman thanks for the reply. I failed earlier to match the 'Remove non-admin accounts with DCSync permissions' with 'Suspected DCSync attack (replication of directory services)' as you pointed out. I did enable the exclusion and will wait (and report) if this is the exclusion that works. (and removed the user from 'Global excluded entities') Thanks!
1.9K Views, 0 likes, 3 Comments
Exclude account from secure score 'Remove non-admin accounts with DCSync permissions'
I do (I think :)) have a legit MSOL_522f75393cfe account which needs the DCSync permissions (Entra Connect) so how can I exclude this account from being detected to this rule? I can find some 'exceptions'; Microsoft Defender | Settings | Identities | Actions and exclusions | Global excluded entities
https://security.microsoft.com/settings/identities?tabid=globalExclude&tid=e681ca77-e7ac-448f-b649-6c82feadfe8e
I put the account there so it has the 'Exclude entities from all detection rules' option. Is this the only way (I prefer not to exclude the account but only an exception of the detection) to exclude an account?
2.2K Views, 0 likes, 5 Comments
Re: No Microsoft Planner in Microsoft Teams
ChrisWebbTech quote: Find that policy, then check the Microsoft Apps section and make sure all apps are allowed, or if Allowed Apps is selected there instead, make sure Planner is added to the allowed list. This should get it available. Once it's changed it will take a little bit of time to take hold.
The problem is that the 'Planner' app is not listed in the app selection or app list at all. So you can only choose the broad 'Allow all Microsoft Apps' instead of just the granular 'Planner' app.
1.2K Views, 0 likes, 0 Comments
Re: Will there be a Windows 10 ADK for 1909?
https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install
Note: A Windows ADK for Windows 10, version 1909 will not be released. You can use the Windows ADK for Windows 10, version 1903 to deploy Windows 10, version 1909.
41K Views, 0 likes, 1 Comment