Two new enhancements are coming to Azure ATP's Identity security posture assessments:


First, we are rolling out new types of Kerberos delegation into Azure ATP's Unsecure Kerberos delegation assessments: Constrained and Resource Based




The new delegation types will show cases when a non-sensitive entity has been configured with constrained Kerberos delegation that points to a sensitive entity and when a sensitive entity has resource based constrained delegation configured for it, both allowing a malicious actor with a potential privilege escalation path if abused.


to make things easier to configure, we will surface the exact delegation details that needs to be removed




Furthermore, we are adding the much-requested Tags and Recommended action columns, where applicable, to show both the associated Tags (e.g. Sensitive) and the Recommend action per entity





We support Ukraine and condemn war. Push Russian government to act against war. Be brave, vocal and show your support to Ukraine. Follow the latest news HERE