Accounts that increase attack surface risk | Trend Micro Service Central

Views:

Accounts That Increase Attack Surface Risk are user accounts with configuration settings that make them more vulnerable to cyberattacks.

The Accounts That Increase Attack Surface Risk widget displays a record of the number of accounts with settings that increase attack surface risk for the past 30 days.

Types of risky account settings include:

Synced admin accounts: Highly authorized admin accounts synced between Microsoft Entra ID and Active Directory
Extra admin accounts: Potentially unnecessary admin accounts
Stale accounts: Accounts that have been inactive for over 180 days

For detailed information about your risky accounts, click View details.

The following table outlines the sections available on the details screen:

Details Screen Sections

Section

Description

Remediation actions

Suggests remediation actions for each type of misconfigured account settings

Threat Detections with Potential to Exploit Account Configuration Risks

Displays threat detections occurring in Microsoft Entra ID over the last 30 days that have the potential to exploit account configuration risks.

Threat detections types include:

Advanced message attack
Business email compromise
Compromised account
Malware email
Phishing email
RBAC (role-based access control) notification disabled

Accounts That Increase Attack Surface Risk table

Lists accounts in your organization with misconfigured account settings that increase your attack surface risk

Tip

Click the account name for more details or to take response actions on the account