Forum Discussion
Dean_Gross
Nov 15, 2022
Silver Contributor
Sensitivity Tags for Groups
According to "Microsoft Defender for Identity entity tags in Microsoft 365 Defender | Microsoft Learn", many groups are automatically tagged as sensitive. I don't see any indication of this in the MDI settings portal at "Identities - Microsoft 365 security".
Is this tagging hidden, or is something wrong in my environment?
- Or Tsemah
Microsoft
Dean_Gross, MDI automatically tags members of these groups as Sensitive; you can find it on their identity page.
Furthermore, you can manually tag additional identities as sensitive through the settings screens.
- moderncloud
Copper Contributor
I wondered this too after our initial deployment, thinking this table would be populated automatically over time, and waited.
Yesterday, I was running some PowerShell scripts with my admin account (this account has the Security Administrator AAD role and ADDS Domain Admin) from our hybrid Exchange server to one of our DCs, and I triggered a "Remote code execution" alert in MDI. In the "Important Information" area of the alert, one of the points specifies: "Potential sensitive lateral movement path identified to sensitive user(s), that includes *SERVER*."
So, in conclusion, I think the verbiage in that article means any identities that satisfy that list of criteria are automatically and implicitly tagged as sensitive, so they won't show up in that table. I went ahead and explicitly added my admin account to that Sensitive Tag table, however.