Remove dormant accounts from sensitive groups - suggestion

ADM-Griffin2, Jay 121 Reputation points

I removed the dormant accounts from active directory that this suggestion was showing as "Exposed Identities". It says it could take 24 hours for the changes to show up. It has been 6 days. Four out of the 6 accounts I removed no longer show as Exposed Identities. However, two accounts seem to be stuck. I deleted the account from Active Directory 6 days ago but it still shows exposed.

Any suggestions to clear these so the vulnerability goes away?

Azure Policy
Azure Policy
An Azure service that is used to implement corporate governance and standards at scale for Azure resources.
806 questions
Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,216 questions
{count} votes

1 answer

Sort by: Most helpful
  1. ADM-Griffin2, Jay 121 Reputation points

    Found the issue – you must remove them from the Domain Admin group. Deleting the User account does not clear the vulnerability. You must remove them from Domain Admin – then the vulnerability clears.

    So even a deleted account stays in the vulnerability if it was in Domain Admin when you deleted it.

    0 comments No comments