Microsoft Defender for Identity Can Now Detect Insecure Domain Configurations
Microsoft Defender for Identity is getting a new update that enables IT admins to identify insecure domain configurations in their environments. These security capabilities aim to protect businesses from Kerberos resource-based constrained delegation relay attacks.
Specifically, Microsoft Defender for Identity provides real-time monitoring to detect two default configurations that are vulnerable to security breaches. These insecure configurations could allow threat actors to gain system privileges by using the Kerberos relaying tool KrbRelayUp.
“Configuring Active Directory optimal security has always been top of mind for the Microsoft Defender for Identity team and its research team. Recent attacks, such as KrbRelayUp, had repeatedly shown us how certain, often default, settings can be used against their intended purpose and result in an identity compromise,” said Or Tsemah, Senior Product Manager for Microsoft Defender for Identity.
Microsoft highlighted that the “Set ms-DS-MachineAccountQuota” configuration lets attackers configure up to 10 accounts on the target network. The evaluation capability for this default configuration is now available for all users.
Additionally, Microsoft advises IT Pros to enforce the “Require signing” LDAP policy setting because “unsigned network traffic” is subject to man-in-the-middle (MITM) attacks. Basically, LDAP is a directory service protocol that lets users access files, servers, apps, and other IT resources. The firm plans to release the LDAP configuration detection capability within the “next two weeks.”
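For admins who want to check both settings directly, the following PowerShell audit is an added example and is not code from Microsoft or from this article. It assumes the ActiveDirectory (RSAT) module, PowerShell remoting to each domain controller, and that the domain controller LDAP signing policy is stored in the standard `LDAPServerIntegrity` registry value, where 2 means signing is required.

```powershell
# Added example: audit the two default configurations discussed above.
# Assumes the ActiveDirectory module and remoting access to the domain controllers.
Import-Module ActiveDirectory

$domain = Get-ADDomain

# 1) ms-DS-MachineAccountQuota is stored on the domain head object.
$quota = (Get-ADObject -Identity $domain.DistinguishedName `
            -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'

$quotaFinding = 'OK (quota is 0)'
if ($quota -gt 0) {
    $quotaFinding = "Users can create up to $quota computer accounts"
}

[pscustomobject]@{
    Check   = 'ms-DS-MachineAccountQuota'
    Target  = $domain.DNSRoot
    Value   = $quota
    Finding = $quotaFinding
}

# 2) LDAP server signing requirement, read from every domain controller.
$ldapKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'

foreach ($dc in Get-ADDomainController -Filter *) {
    $value = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
        # A missing value means the policy was never set on this DC.
        (Get-ItemProperty -Path $using:ldapKey -Name 'LDAPServerIntegrity' `
            -ErrorAction SilentlyContinue).LDAPServerIntegrity
    }

    $ldapFinding = 'Signing not required (unsigned binds accepted)'
    if ($value -eq 2) {
        $ldapFinding = 'OK (signing required)'
    }

    [pscustomobject]@{
        Check   = 'LDAP server signing'
        Target  = $dc.HostName
        Value   = $value
        Finding = $ldapFinding
    }
}
```

Before enforcing LDAP signing, check for clients that still perform unsigned binds, since they will fail once the requirement is in place.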
Microsoft Defender for Identity to add support for configurations
To get started with the new security assessment tool, IT admins can head to the Secure Score section of the Microsoft 365 Defender portal and review the list of improvement actions to find insecure domain configurations. IT Pros can modify or remove the affected configurations as needed.
Overall, it’s great to see that Microsoft is improving its security tools to protect enterprise customers from potential exploitation. Meanwhile, the company also plans to add support for more security posture configuration detections to its Microsoft Defender for Identity solution.