Forum Discussion
Solved
Veeam Backup and Replication v11 warning / User changes
Hi everyone,
i recently migrated from ATA to MDI and have 2 questions.
In ATA we could see what a helpdesk worker did to a user account (added to group, changed end date etc). In MDI it seems like we do not get this information. I have set all the Eventlog and audit rights to the DCs and Domain.
Also i get the warning about Veeam B&R with Remote Code execution. How can i built a "least privilege" exclusion on this warning?
A user attempted to execute VeeamVssSupport (C:\Windows\VeeamVssSupport\VeeamGuestHelper.exe) on 2 domain controllers via SvcCtl. The remote execution succeeded.
I do not want to exclude the whole backupservers for this warning or even the domain controllers as "destination". Is there also a possiblity to exclude a file?
Best regards
Stephan
StephanGee We've updated the group membership changes activities in the user timeline ~2 weeks ago. Please let me know if there's a problem.
No one is using Veeam with MDI?
I now defined two interaction proxies and excluded them for the specific warning.For the second questions. I miss this on our "helpdesk admins"
vs MDI
Or is this kind of a special right needed (I am Global Admin).
- LiorShapira
Microsoft
StephanGee regarding your second question, no special role is needed. We are working on adding more information to each activity in the identity timeline, as we see below in "group membership changed" example. This change should be available by the end of the month.
- I could not see anything related in the release notes. https://learn.microsoft.com/en-us/defender-for-identity/whats-new
Was this postponed?
