Commit bcfe362

Update replace-entra-connect-default-admin.md
1 parent 1679abe commit bcfe362

1 file changed: +1 -1 lines changed

ATPDocs/replace-entra-connect-default-admin.md

Lines changed: 1 addition & 1 deletion
@@ -17,7 +17,7 @@ This article describes Microsoft Defender for Identity's Microsoft Entra Connect
1717
1818
## Why might using an Enterprise or Domain Admin account for the Microsoft Entra Connect AD DS Connector be a risk?
1919

20-
Smart attackers often target Microsoft Entra Connect in on-premises environments due to the elevated privileges associated with its AD DS Connector account (typically created in Active Directory with the MSOL**_** prefix). Using an **Enterprise Admin** or **Domain Admin** account for this purpose significantly increases the attack surface, as these accounts have broad control over the directory.
20+
Smart attackers often target Microsoft Entra Connect in on-premises environments due to the elevated privileges associated with its AD DS Connector account (typically created in Active Directory with the MSOL_ prefix). Using an **Enterprise Admin** or **Domain Admin** account for this purpose significantly increases the attack surface, as these accounts have broad control over the directory.
2121

2222
Starting with [Entra Connect build 1.4.###.#](/entra/identity/hybrid/connect/reference-connect-accounts-permissions), Enterprise Admin and Domain Admin accounts can no longer be used as the AD DS Connector account. This best practice prevents over-privileging the connector account, reducing the risk of domain-wide compromise if the account is targeted by attackers. Organizations must now create or assign a lower-privileged account specifically for directory synchronization, ensuring better adherence to the principle of least privilege and protecting critical admin accounts.
2323
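Review bot: The removed line 20 wrapped the underscore in stray bold markers (`MSOL**_**`), which renders the connector-account prefix incorrectly; dropping them to plain `MSOL_` in the new line 20 is the right fix. Since `MSOL_` is an identifier rather than prose, consider formatting it as inline code (backticks) so a trailing underscore can never be picked up as Markdown emphasis again, and so the prefix stands out as the string an admin would search for in Active Directory. Separately, the unchanged context line 22 still carries the literal `1.4.###.#` build number placeholder in the link text; it looks like an unfilled template value and is worth replacing with the actual build in a follow-up.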
