We utilize Entra Connect Sync and have E5 licensing which gives us access to MDE, MDI and various other Defender services. Our Entra Connect Sync has been flagged by the MDI agent installed on it with the following issue:
Remove unnecessary replication permissions for Entra Connect AD DS Connector Account
We utilize Password Hash Sync and Password Writeback in our installation, and the MSOL account associated with Entra Connect Sync has been falsely flagged as needing the replication permissions removed in order to clear. In good faith, I attempted the suggested remediation, which broke Entra Connect Sync, after which I restored the original permissions; it is still being flagged as needing remediation.
I initially tried Microsoft Support to resolve it; they stated this issue was out of scope, and the case was closed after they suggested opening a ticket via the Entra portal, which gave no ability to open a ticket against it, only suggestions, which ultimately led me here. At the time, the link they provided me led to an Azure site which required a personal Microsoft Account to log in -- we are a business and do not utilize personal Microsoft Accounts. The Team Lead for Microsoft Support contacted me stating they regret the issue has not been solved but that the issue is out of scope for his team.
I then tried Copilot, which helped me troubleshoot the issue, confirmed that our Entra Connect Sync MSOL account permissions are correct, provided several PowerShell scripts to validate the permissions, and concluded the Secure Score entry was a false positive based on our configuration. It suggested that we open a case with Microsoft Support (see above) or MSRC. I attempted to open a case with MSRC, which was rejected as a non-MSRC case.
Copilot then suggested excluding the MSOL account for the specific rule, but I find that is only hiding the issue rather than resolving it.
How can I get this false positive to the correct product group to resolve? I have my previous case # from Microsoft Support and all the troubleshooting case notes I did with Copilot. This is bringing our Secure Score down artificially when the problem is a false positive.
I've literally been running in circles on this, and this appears to be my last avenue to try and get this issue raised to the right product team for resolution.
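The post above mentions validating the connector account's permissions with PowerShell but does not include the scripts. The following is an added example (not the poster's or Copilot's code) that enumerates exactly which directory-replication extended rights the Entra Connect AD DS Connector account holds on the domain root, so the evidence behind a "false positive" claim can be captured in one place. It assumes the RSAT ActiveDirectory module is available, that the connector account uses the default MSOL_ name prefix (set $connectorSam explicitly if yours differs), and it relies on the fixed schema GUIDs for the three replication extended rights.

```powershell
# Added example: list the replication extended rights granted to the Entra Connect
# AD DS Connector account on the domain root. Run from a domain-joined admin host
# with the ActiveDirectory RSAT module installed.
Import-Module ActiveDirectory

# Assumption: default MSOL_ prefix. Override with the exact sAMAccountName if needed.
$connectorSam = $null

$domainDN = (Get-ADDomain).DistinguishedName

# Well-known extended-right GUIDs for directory replication (fixed schema values).
$replRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}

if ($connectorSam) {
    $connector = Get-ADUser -Identity $connectorSam
} else {
    $connector = Get-ADUser -Filter "SamAccountName -like 'MSOL_*'" | Select-Object -First 1
}
if (-not $connector) { throw "Connector account not found; set `$connectorSam explicitly." }

$connectorSid = $connector.SID.Value
Write-Host "Connector account: $($connector.SamAccountName) ($connectorSid)"
Write-Host "Domain root:       $domainDN"

# Read the domain-root ACL and normalise identities to SIDs so comparison is exact.
$acl   = Get-Acl -Path "AD:\$domainDN"
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$granted = @{}
foreach ($rule in $rules) {
    if ($rule.IdentityReference.Value -ne $connectorSid) { continue }
    if ($rule.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
    $isExtended = ($rule.ActiveDirectoryRights -band
                   [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -ne 0
    if (-not $isExtended) { continue }

    $objType = $rule.ObjectType.ToString()
    if ($rule.ObjectType -eq [Guid]::Empty) {
        # An empty ObjectType on an ExtendedRight ACE means ALL extended rights,
        # which includes every replication right.
        foreach ($name in $replRights.Values) { $granted[$name] = 'all extended rights (blanket ACE)' }
    } elseif ($replRights.ContainsKey($objType)) {
        $granted[$replRights[$objType]] = "explicit ACE, inherited=$($rule.IsInherited)"
    }
}

Write-Host "`nReplication extended rights on the domain root:"
foreach ($name in $replRights.Values) {
    $state = if ($granted.ContainsKey($name)) { "GRANTED ($($granted[$name]))" } else { 'not granted' }
    Write-Host ("  {0,-45} {1}" -f $name, $state)
}

# Password Hash Sync reads password hashes through the replication protocol, so the
# connector account needs Get-Changes and Get-Changes-All; flag if either is missing.
$phsRequired = 'DS-Replication-Get-Changes', 'DS-Replication-Get-Changes-All'
$missing = $phsRequired | Where-Object { -not $granted.ContainsKey($_) }
if ($missing) {
    Write-Warning "PHS would break: missing $($missing -join ', ')"
} else {
    Write-Host "`nBoth rights required for Password Hash Sync are present."
}
```

The output distinguishes an explicit per-right ACE from a blanket "all extended rights" grant; the former is what Entra Connect provisions for Password Hash Sync, while the latter is a broader grant worth tightening independently of the MDI recommendation. Attaching this output to a support case gives the product team the concrete ACEs rather than a description of them.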