PREVENT-9

Description

Enforce MFA for SMS Provider calls

Summary

Configure a requirement for multi-factor authentication to access WMI/AdminService on SMS Providers to help prevent an attacker with only an SCCM administrator's username and password from compromising the hierarchy.

Linked Defensive IDs

PREVENT-20: Block unnecessary connections to site systems

Associated Offensive IDs

EXEC-1: Application deployment
RECON-4: Query client devices via CMPivot
TAKEOVER-5: NTLM coercion and relay to AdminService on remote SMS Provider

References

Microsoft, Enable MFA for SMS Provider Calls

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

prevent-9_description.md

prevent-9_description.md

PREVENT-9

Description

Summary

Linked Defensive IDs

Associated Offensive IDs

References

Files

prevent-9_description.md

Latest commit

History

prevent-9_description.md

File metadata and controls

PREVENT-9

Description

Summary

Linked Defensive IDs

Associated Offensive IDs

References