Microsoft Azure AD Connect Flaw Elevates Employee Privilege


An improper default configuration gives employees unnecessary administrative privilege without their knowledge, making them ideal targets for hackers.



Microsoft today issued a security advisory to alert users to an improper default configuration in Azure AD Connect, which increases the number of "stealthy admins" on corporate networks and makes businesses more vulnerable to targeted attacks.

Microsoft released 34 security fixes in its December batch of security updates, which affect Windows, Office, Office Services and Web Apps, Exchange Server, Microsoft Malware Protection Engine, Internet Explorer, Edge, and ChakraCore.

Microsoft's advisory for Azure AD Connect covers an issue that cannot be fixed with a patch: it concerns the security configuration of the Active Directory Domain Services (AD DS) account that Azure AD Connect uses when syncing to a directory. The default settings often give non-administrative employees permissions they don't need.


Digging further into the issue, the researchers learned that businesses were prone to having more stealthy admins when they installed Microsoft Office 365 with Azure AD Connect in on-premises environments and used Azure AD Connect to link the on-premises directory to the cloud.

Microsoft's Security Advisory 4056318 advises admins to avoid using the Account Operators group, since by default members of this group have reset-password permissions on objects under the Users container.

The company also recommends moving the AD DS account used by Azure AD Connect, and other privileged accounts, into an organizational unit (OU) that is accessible only to highly trusted admins. When granting reset-password permissions to specific users, limit their access to only the user objects they are supposed to manage.
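The following audit script is an added example, not part of Microsoft's advisory or of Azure AD Connect itself; it lists who can reset passwords on the default Users container, who belongs to Account Operators, and which OU the Azure AD Connect AD DS connector account lives in. It assumes a domain-joined host with the RSAT ActiveDirectory module, and it assumes the connector account carries the MSOL_ name prefix that an express installation assigns (the page itself does not name the account).

```powershell
# Added audit example (not Microsoft's code): review the two defaults the advisory
# calls out. Assumes RSAT ActiveDirectory module on a domain-joined host.
Import-Module ActiveDirectory

# Well-known GUID of the "User-Force-Change-Password" (reset password) extended right.
$ResetPasswordRight = [Guid]'00299570-246d-11d0-a768-00aa006e0529'
$Rights = [System.DirectoryServices.ActiveDirectoryRights]

$domain  = Get-ADDomain
$usersDn = "CN=Users,$($domain.DistinguishedName)"

# 1. ACEs on the Users container that grant reset-password, either as the specific
#    extended right, as "all extended rights" (empty ObjectType), or via GenericAll.
$acl = Get-Acl -Path "AD:\$usersDn"
$resetAces = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and (
        (($_.ActiveDirectoryRights -band $Rights::ExtendedRight) -and
         ($_.ObjectType -eq $ResetPasswordRight -or $_.ObjectType -eq [Guid]::Empty)) -or
        ($_.ActiveDirectoryRights -band $Rights::GenericAll)
    )
}
Write-Host "Principals able to reset passwords under $usersDn :"
$resetAces | Select-Object IdentityReference, ActiveDirectoryRights, IsInherited |
    Format-Table -AutoSize

# 2. Account Operators membership; the advisory says this group should not be used.
$accountOperators = @(Get-ADGroupMember -Identity 'Account Operators' -Recursive)
Write-Host "`nAccount Operators members ($($accountOperators.Count)):"
$accountOperators | Select-Object Name, objectClass | Format-Table -AutoSize

# 3. Connector account(s) and their parent OU; assumption: name prefix MSOL_ (express setup).
#    Anything still sitting under CN=Users should be moved to a restricted OU.
Write-Host "`nAzure AD Connect AD DS connector account location:"
Get-ADUser -Filter 'Name -like "MSOL_*"' |
    Select-Object Name, @{ n = 'ParentContainer'; e = { ($_.DistinguishedName -split ',', 2)[1] } } |
    Format-Table -AutoSize
```

Run it as an account that can read the Users container ACL; a non-empty Account Operators list or a connector account whose ParentContainer is CN=Users indicates the defaults the advisory warns about are still in place.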