Detections
Analytics
Verify Permissions Related to Microsoft Entra Connect Accounts
critical
Language:
Description
Permissions for Microsoft Entra Connect accounts (MSOL) must be sane due to their impact on the entire Active Directory domain.
Solution
A security assessment of the permissions applied on Microsoft Entra Connect accounts can identify those that you can safely remove.
See Also
Indicator Details
Name: Verify Permissions Related to Microsoft Entra Connect Accounts
Codename: C-AAD-CONNECT
Severity: Critical
Type: Active Directory Indicator of Exposure
- Tactic: TA0003 - Persistence
- Techniques: T1098 - Account Manipulation
Attacker Known Tools
Fox-IT: adconnectdump
Gentil Kiwi: mimikatz