Unassuming access over Domain Controller VMs means gaining privileged access in Active Directory.

Bhavesh Khare 1 Reputation point
2023-08-01T13:28:20.79+00:00

Hi Everyone,

I met with a new security incident in my environment. I will try to explain.

Domain user 'A' does not have any administrator rights in Active Directory, but in Azure the same user has the Virtual Machine Contributor role over the Domain Controller VMs.

Now, domain user 'A' can add any domain user into the Domain Administrator group. :-(

I am not aware whether this is known behavior or whether any solution exists around this.

Please help me to find a way.

Thank you!


1 answer

  1. Michael Durkan 12,236 Reputation points MVP
    2023-08-01T13:36:10.46+00:00

    Hi

    May be unrelated, but this post by MVP Jeffrey Appel may shed some light on this. If you are running Azure Arc in your Hybrid environment and have your Domain Controllers onboarded, then any Arc Admin level gives you full admin rights in the on-premises environment.

    https://www.linkedin.com/feed/update/urn:li:activity:7071970201847615488/

    May be worth a look - I know this is also Defender-related as well.

    Hope this helps,

    Thanks

    Michael Durkan

    • If the reply was helpful please upvote and/or accept as answer as this helps others in the community with similar questions. Thanks!
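For the situation in the question, a defender needs the list of every principal whose Azure RBAC assignment reaches a Domain Controller VM, including assignments inherited from a resource group or subscription scope. The following is an added example, not part of the original thread or any Microsoft code; the subscription ID, resource group, VM names and principals are constructed, and the records only mimic the field names of `az role assignment list --all -o json`.

```python
# Built-in roles that include virtual machine management permissions.
# Assumption: custom roles are not matched by name; review their definitions separately.
VM_MANAGEMENT_ROLES = {"Owner", "Contributor", "Virtual Machine Contributor"}

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # constructed
RG = SUB + "/resourceGroups/rg-identity"                      # constructed
VM = RG + "/providers/Microsoft.Compute/virtualMachines/"
DC_VM_IDS = [VM + "dc01", VM + "dc02"]  # constructed inventory of DC VMs

# Constructed sample records (not real tenant data).
SAMPLE_ASSIGNMENTS = [
    {"principalName": "userA@example.com",
     "roleDefinitionName": "Virtual Machine Contributor", "scope": VM + "DC01"},
    {"principalName": "ops-team", "roleDefinitionName": "Contributor", "scope": RG},
    {"principalName": "auditor@example.com", "roleDefinitionName": "Reader", "scope": SUB},
    # Different resource group whose name is a prefix of "rg-identity".
    {"principalName": "appdev@example.com",
     "roleDefinitionName": "Virtual Machine Contributor",
     "scope": SUB + "/resourceGroups/rg-id"},
]

def scope_covers(scope, resource_id):
    """True if an assignment at `scope` is inherited by `resource_id`.

    Resource IDs are compared case-insensitively and on a path-segment
    boundary, so "rg-id" does not match "rg-identity". Management group
    scopes are not resolved here and must be mapped to subscriptions first.
    """
    scope = scope.rstrip("/").lower()
    rid = resource_id.lower()
    return rid == scope or rid.startswith(scope + "/")

def find_dc_vm_operators(assignments, dc_vm_ids, roles=VM_MANAGEMENT_ROLES):
    """Return assignments that give a VM management role over any DC VM."""
    findings = []
    for a in assignments:
        if a["roleDefinitionName"] not in roles:
            continue
        covered = [vm for vm in dc_vm_ids if scope_covers(a["scope"], vm)]
        if covered:
            findings.append({"principal": a["principalName"],
                             "role": a["roleDefinitionName"],
                             "scope": a["scope"],
                             "dc_vms": [vm.rsplit("/", 1)[-1] for vm in covered]})
    return findings

if __name__ == "__main__":
    for f in find_dc_vm_operators(SAMPLE_ASSIGNMENTS, DC_VM_IDS):
        print(f"{f['principal']}: {f['role']} at {f['scope']} -> {f['dc_vms']}")
```

Each principal it reports should be reviewed with the same scrutiny as a member of a privileged Active Directory group.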