Account discovery is the technique that allows an adversary to enumerate domain accounts in order to obtain situational awareness on a target network.
This can easily be prevented:
(Assuming you installed the MSOnline module)
Connect-MsolService
Then Sign in with an account in Azure Active Directory that has the Global administrator role assigned.Perform multi-factor authentication, when prompted.
Execute the following line of PowerShell to configure the Azure AD tenant:
Set-MsolCompanySettings -UsersPermissionToReadOtherUsersEnabled $falseCheck to see the setting is active:
Get-MsolCompanyInformation | select UsersPermissionToReadOtherUsersEnabled UsersPermissionToReadOtherUsersEnabled False
No comments:
Post a Comment