pingcastle.onmicrosoft.com - Healthcheck analysis

Date: 2022-07-17 - Engine version: 1.0.0.0 Beta

This report has been generated with the Basic Edition of PingCastle.
Being part of a commercial package is forbidden (selling the information contained in the report).
If you are an auditor, you MUST purchase an Auditor license to share the development effort.

This section focuses on the core security indicators.
Locate the sub-process determining the score and fix some rules in that area to get a score improvement.

Indicators


Domain Risk Level: 0 / 100

It is the score computed based on the rules that matched during the analysis

This section represents the maturity score (inspired from ANSSI).

This feature is reserved for customers who have purchased a license

This section represents an evaluation of the techniques available in the MITRE ATT&CK®

This feature is reserved for customers who have purchased a license

No rule matched

This section shows the main technical characteristics of the tenant.

Tenant Name | Tenant ID | Creation date | Region
pingcastle.onmicrosoft.com | b0138eda-0e4f-4290-a40a-8a9220ca0cea | 2019-09-03 12:30:55Z | EU

Business card

pingcastle.com

Contacts information

Type | Contact

This section shows information about the local Active Directory domain.

Synchronization information

DirectorySynchronizationStatus | LastDirSyncTime | LastPasswordSyncTime | DirSyncApplicationType | DirSyncClientMachineName | DirSyncClientVersion | DirSyncServiceAccount
Disabled | | | | | |

Information about on premise domain

This section displays potential information about the local Active Directory

The local SID couldn't be detected

DNS Domains registered for the tenant

This section shows information about the DNS domains registered.

Name | IsInitial | Authentication | Capabilities | Status | Verified by
pingcastle.com | False | Managed | None | Verified | DnsRecord
pingcastle.onmicrosoft.com | True | Managed | Email, OfficeCommunicationsOnline | Verified | DnsRecord

Internet networks registered for the tenant

This section shows information about the Networks registered.

Cross tenants

This section shows information about trusted tenants.

This information is extracted from https://docs.microsoft.com/en-us/azure/active-directory/external-identities/cross-tenant-access-settings-b2b-direct-connect

TenantId | Tenant Name | AllowB2BFrom | AllowB2BTo | AllowNativeFederationFrom | AllowNativeFederationTo | lastModified

External Tenant in use

Name | Region | TenantID | Number of domains | GuestsCount | MemberCount | Total
vinci.com | EU | 6612aa33-55a2-4f05-ad52-359bbfce0374 | 1 | 0 | 1 | 1

This section gives information about the user accounts stored in AzureAD

Account analysis

Nb User Accounts | Nb User Guests | Nb User Members | Nb User External Members | Nb User Internal Members | Nb User Internal Members sync on premise | Nb User Internal Members Pure Azure | Password never expires
3 | 0 | 3 | 1 | 2 | 0 | 2 | 0

Users ratio

Guest users (3) over all users (0)
External members (1) over all members (3)
Pure Azure member (2) over all members (3)

Groups

This section is focused on the groups which are critical for admin activities. If the report has been saved with the full details, each group can be zoomed with its members. If it is not the case, for privacy reasons, only general statistics are available.

Group Name | Critical? | Nb Admins | No MFA | On premise accounts | Password Never Expires | LastPasswordChangeTimestamp
Company Administrator | True | 1 | 1 | 0 | 0 | 1
Application Administrator | False | 0 | 0 | 0 | 0 | 0
Application Developer | False | 0 | 0 | 0 | 0 | 0
Attack Payload Author | False | 0 | 0 | 0 | 0 | 0
Attack Simulation Administrator | False | 0 | 0 | 0 | 0 | 0
Attribute Assignment Administrator | False | 0 | 0 | 0 | 0 | 0
Attribute Assignment Reader | False | 0 | 0 | 0 | 0 | 0
Attribute Definition Administrator | False | 0 | 0 | 0 | 0 | 0
Attribute Definition Reader | False | 0 | 0 | 0 | 0 | 0
Authentication Administrator | True | 0 | 0 | 0 | 0 | 0
Authentication Policy Administrator | False | 0 | 0 | 0 | 0 | 0
Azure AD Joined Device Local Administrator | False | 0 | 0 | 0 | 0 | 0
Azure DevOps Administrator | False | 0 | 0 | 0 | 0 | 0
Azure Information Protection Administrator | False | 0 | 0 | 0 | 0 | 0
B2C IEF Keyset Administrator | False | 0 | 0 | 0 | 0 | 0
B2C IEF Policy Administrator | False | 0 | 0 | 0 | 0 | 0
Billing Administrator | False | 0 | 0 | 0 | 0 | 0
Cloud App Security Administrator | False | 0 | 0 | 0 | 0 | 0
Cloud Application Administrator | False | 0 | 0 | 0 | 0 | 0
Cloud Device Administrator | False | 0 | 0 | 0 | 0 | 0
Compliance Administrator | False | 0 | 0 | 0 | 0 | 0
Compliance Data Administrator | False | 0 | 0 | 0 | 0 | 0
Conditional Access Administrator | False | 0 | 0 | 0 | 0 | 0
Customer LockBox Access Approver | False | 0 | 0 | 0 | 0 | 0
Desktop Analytics Administrator | False | 0 | 0 | 0 | 0 | 0
Device Join | False | 0 | 0 | 0 | 0 | 0
Device Managers | False | 0 | 0 | 0 | 0 | 0
Device Users | False | 0 | 0 | 0 | 0 | 0
Directory Readers | False | 0 | 0 | 0 | 0 | 0
Directory Synchronization Accounts | False | 0 | 0 | 0 | 0 | 0
Directory Writers | False | 0 | 0 | 0 | 0 | 0
Domain Name Administrator | False | 0 | 0 | 0 | 0 | 0
Dynamics 365 Administrator | False | 0 | 0 | 0 | 0 | 0
Edge Administrator | False | 0 | 0 | 0 | 0 | 0
Exchange Administrator | False | 0 | 0 | 0 | 0 | 0
Exchange Recipient Administrator | False | 0 | 0 | 0 | 0 | 0
External ID User Flow Administrator | False | 0 | 0 | 0 | 0 | 0
External ID User Flow Attribute Administrator | False | 0 | 0 | 0 | 0 | 0
External Identity Provider Administrator | False | 0 | 0 | 0 | 0 | 0
Global Reader | False | 0 | 0 | 0 | 0 | 0
Groups Administrator | False | 0 | 0 | 0 | 0 | 0
Guest Inviter | False | 0 | 0 | 0 | 0 | 0
Helpdesk Administrator | True | 0 | 0 | 0 | 0 | 0
Hybrid Identity Administrator | False | 0 | 0 | 0 | 0 | 0
Identity Governance Administrator | False | 0 | 0 | 0 | 0 | 0
Insights Administrator | False | 0 | 0 | 0 | 0 | 0
Insights Analyst | False | 0 | 0 | 0 | 0 | 0
Insights Business Leader | False | 0 | 0 | 0 | 0 | 0
Intune Administrator | False | 0 | 0 | 0 | 0 | 0
Kaizala Administrator | False | 0 | 0 | 0 | 0 | 0
Knowledge Administrator | False | 0 | 0 | 0 | 0 | 0
Knowledge Manager | False | 0 | 0 | 0 | 0 | 0
License Administrator | False | 0 | 0 | 0 | 0 | 0
Lifecycle Workflows Administrator | False | 0 | 0 | 0 | 0 | 0
Message Center Privacy Reader | False | 0 | 0 | 0 | 0 | 0
Message Center Reader | False | 0 | 0 | 0 | 0 | 0
Network Administrator | False | 0 | 0 | 0 | 0 | 0
Office Apps Administrator | False | 0 | 0 | 0 | 0 | 0
Partner Tier1 Support | False | 0 | 0 | 0 | 0 | 0
Partner Tier2 Support | False | 0 | 0 | 0 | 0 | 0
Password Administrator | False | 0 | 0 | 0 | 0 | 0
Permissions Management Administrator | False | 0 | 0 | 0 | 0 | 0
Power BI Administrator | False | 0 | 0 | 0 | 0 | 0
Power Platform Administrator | False | 0 | 0 | 0 | 0 | 0
Printer Administrator | False | 0 | 0 | 0 | 0 | 0
Printer Technician | False | 0 | 0 | 0 | 0 | 0
Privileged Authentication Administrator | True | 0 | 0 | 0 | 0 | 0
Privileged Role Administrator | False | 0 | 0 | 0 | 0 | 0
Reports Reader | False | 0 | 0 | 0 | 0 | 0
Search Administrator | False | 0 | 0 | 0 | 0 | 0
Search Editor | False | 0 | 0 | 0 | 0 | 0
Security Administrator | False | 0 | 0 | 0 | 0 | 0
Security Operator | False | 0 | 0 | 0 | 0 | 0
Security Reader | False | 0 | 0 | 0 | 0 | 0
Service Support Administrator | False | 0 | 0 | 0 | 0 | 0
SharePoint Administrator | False | 0 | 0 | 0 | 0 | 0
Skype for Business Administrator | False | 0 | 0 | 0 | 0 | 0
Teams Administrator | False | 0 | 0 | 0 | 0 | 0
Teams Communications Administrator | False | 0 | 0 | 0 | 0 | 0
Teams Communications Support Engineer | False | 0 | 0 | 0 | 0 | 0
Teams Communications Support Specialist | False | 0 | 0 | 0 | 0 | 0
Teams Devices Administrator | False | 0 | 0 | 0 | 0 | 0
Usage Summary Reports Reader | False | 0 | 0 | 0 | 0 | 0
User Administrator | True | 0 | 0 | 0 | 0 | 0
Virtual Visits Administrator | False | 0 | 0 | 0 | 0 | 0
Windows 365 Administrator | False | 0 | 0 | 0 | 0 | 0
Windows Update Deployment Administrator | False | 0 | 0 | 0 | 0 | 0
Workplace Device Join | False | 0 | 0 | 0 | 0 | 0

All applications

Here is a list of the applications defined on AzureAD.

Display Name | External App | Application Permissions | Critical? | Delegated Permissions | Critical? | Roles | Critical? | Azure Role
test-pingcastle-cloud | False | 2 | False | 1 | False | 1 | 0 | 1
Microsoft Office 365 Portal | True | 0 | False | 0 | False | 3 | 1 | 3
Office 365 Message Encryption Portal | True | 0 | False | 1 | False | 0 | 0 | 0
Graph Explorer | True | 0 | False | 6 | True | 0 | 0 | 0
PingCastlePro | False | 2 | False | 2 | False | 1 | 0 | 1
Microsoft.Azure.SyncFabric | True | 0 | False | 0 | False | 1 | 0 | 1
PingCastleEnterprise | False | 0 | False | 1 | False | 0 | 0 | 0
test | False | 0 | False | 1 | False | 0 | 0 | 0

External tenant usage

This is the list of external tenants having at least one application with a role

Tenant ID | Tenant Name | App example | Count
72f988bf-86f1-41af-91ab-2d7cd011db47 | | Office 365 Message Encryption Portal | 2
f8cdef31-a31e-4b4a-93e4-5f571e91255a | | Microsoft Office 365 Portal | 2

Email forward

This is the list of mailboxes with a forward setting targeting a mailbox inside or outside of this tenant

Mailbox | Destination | External