One term used for privileged Admin accounts that exist outside of protected groups is ‘stealthy admins’. They are less protected and less monitored than those within protected groups, and can consequently provide a major security risk.
The team at Preempt Security has discovered an automatically generated stealthy admin account in hybrid on-premise/Azure Microsoft Office 365 (O365) deployments.
One aspect of the Preempt Platform’s operation is to investigate and prevent insider threats, and this in turn involves detecting insider opportunities for escalating privileges. Escalation involves acquiring the rights of or using a privileged administrator account; and for this reason admin accounts should always be given greater protection.
