Accounts that increase attack surface risk | Trend Micro Service Central

Views:

Accounts That Increase Attack Surface Risk are user accounts with configuration settings that make the accounts more vulnerable to cyber attacks.

The Accounts That Increase Attack Surface Risk widget displays the number of accounts detected with settings that increase your organization's attack surface risk over the past 30 days.

Types of risky accounts include:

Synced admin accounts: Highly authorized admin accounts synced between Microsoft Entra ID and Active Directory
Extra admin accounts: Potentially unnecessary admin accounts
Stale accounts: Accounts that have been inactive for over 180 days

For detailed information about detected risky accounts, click View details.

The following table outlines the sections available on the details screen.

Section

Description

Remediation actions

Suggests remediation actions for each type of misconfigured account

Threat Detections with Potential to Exploit Account Configuration Risks

Displays threat detections occurring in Microsoft Entra ID over the last 30 days that have the potential to exploit account configuration risks.

Threat detections types include:

Advanced message attack
Business email compromise
Compromised account
Malware email
Phishing email
RBAC (role-based access control) notification disabled

Accounts That Increase Attack Surface Risk table

Lists accounts in your organization with misconfigured account settings

Tip

Click the account name for more details or to take response actions on the account