User accounts with unconstrained delegation are reviewed at least annually, and those without an SPN or demonstrated business requirement are removed.
Topic
Microsoft Active Directory Domain Services account hardening
Applicable to
all
History
Sep 2024
User accounts with unconstrained delegation are reviewed at least annually, and those without an SPN or demonstrated business requirement are removed.
The existing control relating to user accounts with unconstrained delegation being reviewed at least annually was slightly reworded to ensure consistent use of terminology with other controls.
Mar 2023
User accounts with unconstrained delegation are reviewed at least annually, and those without an associated Kerberos SPN or demonstrated business requirement are removed.
Thirteen new controls were added covering Microsoft AD DS account hardening.