Security assessment: Edit misconfigured certificate templates owner (ESC4) (Preview)

This article provides an overview of Microsoft Defender for Identity's Misconfigured certificate templates owner (ESC4) security posture assessment report.

What is a misconfigured certificate template owner?

A certificate template is an Active Directory object with an owner, who controls access to the object and the ability to edit the object.

If the owner permissions grant a built-in, unprivileged group with permissions that allow for template setting changes, an adversary can introduce a template misconfiguration, escalate privileges, and compromise the entire domain.

Examples of built-in, unprivileged groups are Authenticated users, Domain users, or Everyone. Examples of permissions that allow for template setting changes are Full control or Write DACL.

How do I use this security assessment to improve my organizational security posture?

  1. Review the recommended action at https://security.microsoft.com/securescore?viewid=actions for a misconfigured certificate template owner. For example:

    Screenshot of the Edit misconfigured certificate templates owner (ESC4) recommendation.

  2. Research why the template owner might be misconfigured.

  3. Remediate the issue by changing the owner to a privileged and monitored user.

Make sure to test your settings in a controlled environment before turning them on in production.

Note

While assessments are updated in near real time, scores and statuses are updated every 24 hours. While the list of impacted entities is updated within a few minutes of your implementing the recommendations, the status may still take time until it's marked as Completed.

Next steps