Directory Sync Softmatch [CHK-1150]
This customer check verifies if Softmatch for AzureAD synchronization is disabled.
Rationale
If a local Active Directory is synchronized with AzureAD, Softmatch functionality may pose a risk for misuse. Disabling Softmatch after the first synchronization is recommended to prevent potential security breaches.
Fix
An automated fix is available through Attic.
Manual steps:
- Navigate to the AzureAD synchronization settings.
- Locate the Softmatch functionality.
- Change the setting to "disabled".
Impact
Disabling Softmatch reduces the risk of unauthorized access and potential misuse of your environment.
More Information
For more details on Softmatch functionality, refer to Microsoft's official documentation.