You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: ATPDocs/security-assessment-unsecure-account-attributes.md
+2-1Lines changed: 2 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -40,8 +40,9 @@ Use the remediation appropriate to the relevant attribute as described in the fo
40
40
| Enable Kerberos AES encryption support | Enable AES features on the account properties in AD | Enabling AES128_CTS_HMAC_SHA1_96 or AES256_CTS_HMAC_SHA1_96 on the account helps prevent the use of weaker encryption ciphers for Kerberos authentication. |
41
41
| Remove Use Kerberos DES encryption types for this account | Remove this setting from account properties in AD | Removing this setting enables the use of stronger encryption algorithms for the account's password. |
42
42
| Remove a Service Principal Name (SPN) | Remove this setting from account properties in AD | When a user account is configured with an SPN set, it means that the account has been associated with one or more SPNs. This typically occurs when a service is installed or registered to run under a specific user account, and the SPN is created to uniquely identify the service workspace for Kerberos authentication. This recommendation only showed for sensitive accounts. |
43
+
|Reset password as SmartcardRequired setting was removed|Reset the account password|Changing the account's password after the SmartcardRequired UAC flag was removed ensures it was set under current security policies. This helps prevent potential exposure from passwords created when smartcard enforcement was still active.|
43
44
44
-
Use the **UserAccountControl** flag to manipulate user account profiles. For more information, see:
45
+
Use the **UserAccountControl**(UAC) flag to manipulate user account profiles. For more information, see:
45
46
46
47
-[Windows Server troubleshooting](/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties) documentation.
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/governance-actions.md
+4-7Lines changed: 4 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -85,21 +85,17 @@ The following governance actions can be taken for connected apps either on a spe
85
85
-**Trash** – Move the file to the trash folder. (Box, Dropbox, Google Drive, OneDrive, SharePoint)
86
86
87
87
These actions are restricted to users with specific administrative roles. If the options described are not visible or accessible, please confirm with your system administrator that your account has one of the following roles assigned:
88
-
- Security Operator
88
+
- Security Operator
89
89
- Security administrator
90
90
- Global administrator
91
91
- Cloud app security administrator
92
92
93
93
:::image type="content" source="media/governance-actions/governance-actions-dropbox-google-workspace.png" alt-text="Screenshot that shows malware governance actions." lightbox="media/governance-actions/governance-actions-dropbox-google-workspace.png":::
94
94
95
95
> [!NOTE]
96
-
> In SharePoint and OneDrive, Defender for Cloud Apps supports user quarantine only for files in Shared Documents libraries (SharePoint Online) and files in the Documents library (OneDrive for Business).
97
-
>
98
-
> Microsoft Defender for Microsoft 365 customers can control detected malware files in SharePoint and OneDrive via the [Microsoft Defender XDR **Quarantine** page](https://security.microsoft.com/quarantine?viewid=Files). For example, supported activities include recovering files, deleting files, and downloading files in password-protected ZIP files. These activities are limited to files that were not already quarantined by Microsoft Defender for Cloud Apps.
99
-
> In SharePoint, Defender for Cloud Apps supports quarantine tasks only for files with Shared Documents in path in English.
100
-
>
96
+
> In SharePoint and OneDrive, Defender for Cloud Apps supports user quarantine only for files in Shared Documents libraries and only for files with Shared Documents in path in English (SharePoint Online) and files in the Documents library (OneDrive for Business). In addition, you must [enable the service principal](/graph/api/serviceprincipal-get?view=graph-rest-1.0&tabs=http) to get Malware detection and response support (this service API is enabled by default). Once API is enabled, Defender for Cloud Apps starts getting the logs (with a delay of 24-72 hours).
97
+
> Microsoft Defender for Microsoft 365 customers can control detected malware files in SharePoint and OneDrive via the [Microsoft Defender XDR ](https://security.microsoft.com/quarantine?viewid=Files)**[Quarantine](https://security.microsoft.com/quarantine?viewid=Files)**[ page](https://security.microsoft.com/quarantine?viewid=Files). For example, supported activities include recovering files, deleting files, and downloading files in password-protected ZIP files. These activities are limited to files that were not already quarantined by Microsoft Defender for Cloud Apps.
101
98
> Actions will only show for connected apps.
102
-
>
103
99
104
100
## Activity governance actions
105
101
@@ -114,6 +110,7 @@ These actions are restricted to users with specific administrative roles. If the
114
110
-**Governance actions in apps** - Granular actions can be enforced per app, specific actions vary depending on app terminology.
115
111
116
112
-**Suspend user** – Suspend the user from the application.
113
+
117
114
> [!NOTE]
118
115
> If your Microsoft Entra ID is set to automatically sync with the users in your Active Directory on-premises environment the settings in the on-premises environment will override the Microsoft Entra settings and this governance action will be reverted.
0 commit comments