ATPDocs/remove-discoverable-passwords-active-directory-account-attributes.md
Lines changed: 5 additions & 5 deletions
@@ -14,9 +14,9 @@ Certain free-text attributes are often overlooked during hardening but are reada
14
14
15
15
Attackers seek low-friction paths to expand access. Exposed passwords in these attributes represent an easy win because:
16
16
17
-
- The attributes are not access-restricted.
17
+
- The attributes aren't access-restricted.
18
18
19
-
- They are not monitored by default.
19
+
- They aren't monitored by default.
20
20
21
21
- They provide context attackers can exploit for lateral movement and privilege escalation.
22
22
@@ -29,7 +29,7 @@ Removing exposed credentials from these attributes reduces the risk of identity
29
29
> This security recommendation is part of Microsoft Defender for Identity and is powered by AI-based analysis of free-text attributes in Active Directory.
30
30
> Findings can include false positives. Always validate the results before taking action.
31
31
32
-
Microsoft Defender for Identity detects potential credential exposure in Active Directory by analyzing commonly used free-text attributes. This includes looking for common password formats, hints, `'description'`, `'info'`, and `'adminComment'` fields, as well as other contextual clues that may suggest the presence of credential misuse. Microsoft Defender for Identity detects indicators such as:
32
+
Microsoft Defender for Identity detects potential credential exposure in Active Directory by analyzing commonly used free-text attributes. This includes looking for common password formats, hints, `'description'`, `'info'`, and `'adminComment'` fields, and other contextual clues that might suggest the presence of credential misuse. Microsoft Defender for Identity detects indicators such as:
33
33
34
34
- Plaintext passwords or variations. For example, '`Password=Summer2024!'`
35
35
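Review bot: In the rewritten sentence on line 32, replacing "as well as" with "and" leaves one list that mixes what is searched for (password formats, hints, contextual clues) with where it is searched (the description, info, and adminComment fields), and the list now has two "and" joins. Split it so the attributes scanned are named first and the indicators second. The attribute names are also wrapped in both backticks and single quotes, and the context line with Password=Summer2024! has its closing quote and backtick out of order; backticks alone would be consistent in both places.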
@@ -44,7 +44,7 @@ Detected matches are surfaced in **Secure Score** and the **Security Assessment
44
44
45
45
To address this security assessment, follow these steps:
46
46
47
-
1. Review the recommended action at[https://security.microsoft.com/securescore?viewid=actions](https://security.microsoft.com/securescore?viewid=actions) forRemove discoverable passwords in Active Directory account attributes.
47
+
1. Review the recommended action at[https://security.microsoft.com/securescore?viewid=actions](https://security.microsoft.com/securescore?viewid=actions) forRemove discoverable passwords in Active Directory account attributes.
48
48
1. Review the exposed entries in the security report. Identify any field content that includes:
49
49
50
50
- Cleartext passwords
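Review bot: The removed and added versions of step 1 (line 47) read identically here, so this looks like a whitespace-only change, yet the text still runs together as "at[https://" and "forRemove discoverable passwords". Confirm the source has a space before the link and before the recommendation name, and consider setting the recommendation name in bold, as **Secure Score** is in the paragraph above this hunk.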
@@ -57,4 +57,4 @@ To address this security assessment, follow these steps:
57
57
1. Fully remove the sensitive information. Don’t just mask the value. Partial obfuscation (for example, P@ssw***) can still offer useful clues to attackers.
58
58
59
59
> [!NOTE]
60
-
> Assessments are updated in near real time, and scores and statuses are updated every 24 hours. The list of impacted entities is updated within a few minutes of your implementing the recommendations. The status might take time until it's marked as **Completed**.
60
+
> Assessments are updated in near real time. Scores and statuses are updated every 24 hours. The list of impacted entities is updated within a few minutes of you implementing the recommendations. The status might take time until it's marked as **Completed**.
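Review bot: On line 60, "within a few minutes of you implementing the recommendations" trades one awkward gerund construction for another; "within a few minutes after you implement the recommendations" is plainer. The closing sentence, "The status might take time until it's marked as **Completed**", would also read better as "It might take time for the status to change to **Completed**".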
ATPDocs/remove-inactive-service-account.md
Lines changed: 5 additions & 1 deletion
@@ -31,4 +31,8 @@ To leverage this security assessment effectively, follow these steps:
31
31
- Delete the account: If no issues are observed, proceed to delete the account and fully remove its access.
32
32
33
33
> [!NOTE]
34
-
> Assessments are updated in near real time, and scores and statuses are updated every 24 hours. The list of impacted entities is updated within a few minutes of your implementing the recommendations. The status may take time until it's marked as **Completed**.
34
+
> Assessments are updated in near real time, and scores and statuses are updated every 24 hours. The list of impacted entities is updated within a few minutes of your implementing the recommendations. The status may take time until it's marked as **Completed**.
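Review bot: The header gives this hunk as -31,4 +31,8 with 5 additions and 1 deletion, but the only visible change replaces the NOTE line with identical text, so the extra lines appear to be blank lines or whitespace at the end of the file. Drop them unless they are intentional. Since the NOTE is being touched anyway, bring it in line with the wording adopted for the same note in remove-discoverable-passwords-active-directory-account-attributes.md in this commit ("might" instead of "may", and the first sentence split in two), so the two copies do not diverge.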