Secure Score - Accounts with non-default Primary Group ID

Question

Hi all, I am getting a report that the object (computer) on AzureADKerberos active directory does not have a correct Primary Group ID; I have checked and see no anomalies; does anyone else have this report?

liorshapira · Answer

micheleariis&nbsp;This is a new security posture report we've released a few days ago.The report contains entities with a non-default primary group id that may indicate of&nbsp;an attacker attempt to escalate privileges subtly, bypassing standard audits for group membership changes.We will raise a report if the primary group id of an account is not one of the defaults, or the primary group id is different from the group that considered as primary. If that not the case, please open a support ticket so we can investigate the issue.&nbsp;

micheleariis · Answer

LiorShapira&nbsp;thank you for your response.I can't understand why I am getting flagged for the AzureADKerberos account.

liorshapira · Answer

micheleariis&nbsp;Thanks for your feedback, this account should not be included, and we are working on a fix. The recommendation will be updated in a couple of days.&nbsp;

micheleariis · Answer

LiorShapira&nbsp;Thank you for your response.I will point out that there are also other recommendations that have already been implemented in my environment, which, however, is reported to me as being executed-Ensure that user consent for apps that access company data on their behalf is not allowed-Enable Microsoft Login ID Identity Protection user risk policies-Ensure that all privileged accounts have the configuration flag "this account is sensitive and cannot be delegated"

micheleariis · Answer

+ Enable conditional access policies to block legacy authentication+Make sure the Password expiration policy is set to Set passwords as never-expiring (recommended)LiorShapira&nbsp;&nbsp;

Forum Discussion

Secure Score - Accounts with non-default Primary Group ID

Share

Resources