Microsoft Defender for Identity is getting the ability to detect insecure domain configurations, even when they are Microsoft defaults. Two assessments were described in Microsoft Thursday announcement . Both are related to insecure default Active Directory configurations that are subject to Kerberos resource based constrained delegation relay attacks, which Microsoft described last month . Microsoft had described these vulnerabilities after the publication of the KrbRelayUp hacking tool...

Read the full article at RedmondMag.com