Summary
Configure a requirement for multi-factor authentication to access WMI/AdminService on SMS Providers to help prevent an attacker with only an SCCM administrator’s username and password from compromising the hierarchy.Linked Defensive IDs
Associated Offensive IDs
- EXEC-1: Application deployment
- RECON-4: Query client devices via CMPivot
- TAKEOVER-5: NTLM coercion and relay to AdminService on remote SMS Provider