Privileged Azure Entra user is synced from on-premises AD

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

Synced accounts, especially those with high privilege levels, are often targeted by attackers and can be used to extend the impact of a breach. This check identifies highly privileged accounts synced to Microsoft Entra ID from on-premises Active Directory.

Remediation

  1. Review the access level of all synced accounts in your tenant.
  2. Exclude all possible privileged accounts from the sync process.
  3. Accounts that require both privileges to on-premises Active Directory and Microsoft Entra ID should be closely scrutinized.
PREVIEWING: rtrieu/product-analytics-ui-changes