Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: Social Engineering
- FIX Available: YES
This Customer Check verifies if Softmatch for AzureAD synchronization is disabled.
Why this check?
If a local Active Directory is used and synchronized with AzureAD, then Softmatch functionality poses a risk for misuse. The function is intended to create an initial synchronization between the local AD and Azure, but Microsoft advises to block Softmatch after the first synchronization.
What possible outcomes does the check have?
There are two options: the functionality is either on or off. In Attic, this is reflected as follows:
- Okay: Softmatch is OFF
- Warning: Softmatch is ON
How should this be followed up?
If the check results in an output of Warning, we advise disabling Softmatch.
A Fix is available for this check, which we will offer through Attic.
Comments
0 comments
Please sign in to leave a comment.