Do not sync krbtgt_AzureAD to Entra ID

Why This Matters

The krbtgt_AzureAD account is a built-in on-premises account used by Microsoft Entra Connect during initial synchronization. If this account is accidentally synced to Entra ID, it creates a hidden security principal that could be misused for privilege escalation or lateral movement. Administrators must ensure this account is excluded from synchronization to maintain a clean and secure identity environment.

What Aether365 Checks

Aether365 checks whether a krbtgt_AzureAD account synchronized from on-premises Active Directory exists in your Entra ID tenant. This check appears in the Aether365 dashboard under the microsoft-365 service category and is flagged as a Medium severity issue.
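The same condition can be confirmed manually from a workstation with the Microsoft Graph PowerShell module. The script below is an added example, not Aether365's own check; it assumes the User.Read.All delegated permission and that the synced object's displayName or on-premises sAMAccountName still begins with krbtgt_AzureAD.

```powershell
# Added example (not part of the Aether365 documentation): look for an Entra ID
# user object that was synchronized from on-premises AD and carries the
# krbtgt_AzureAD name. Requires the Microsoft.Graph module (Install-Module Microsoft.Graph).
Connect-MgGraph -Scopes "User.Read.All" -NoWelcome

# Server-side filter: only objects that Entra Connect created from on-premises AD,
# narrowed to names starting with "krbtgt". ConsistencyLevel/CountVariable opt in
# to advanced query semantics so the combined filter is accepted.
$filter = "onPremisesSyncEnabled eq true and startsWith(displayName,'krbtgt')"
$candidates = Get-MgUser -Filter $filter -All `
    -ConsistencyLevel eventual -CountVariable matched `
    -Property Id,DisplayName,UserPrincipalName,AccountEnabled,OnPremisesSyncEnabled,OnPremisesSamAccountName

# Client-side refinement on the on-premises sAMAccountName, which is the
# attribute that reliably identifies the account regardless of UPN rewriting.
$findings = $candidates | Where-Object {
    $_.OnPremisesSamAccountName -like 'krbtgt_AzureAD*' -or
    $_.DisplayName -like 'krbtgt_AzureAD*'
}

if (-not $findings) {
    Write-Output "PASS: no synchronized krbtgt_AzureAD object found in the tenant."
} else {
    # Medium-severity finding, mirroring the Aether365 classification on this page.
    Write-Warning "FAIL: krbtgt_AzureAD has been synchronized to Entra ID."
    $findings | Select-Object Id, DisplayName, UserPrincipalName, AccountEnabled, OnPremisesSamAccountName |
        Format-Table -AutoSize
    # Remediation is on the Entra Connect side: exclude the account from the sync
    # scope so the object is removed on the next synchronization cycle.
}
```

Run it under an account that can read directory users; a non-empty table means the account should be excluded from the Entra Connect sync scope as the page describes.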
