Microsoft has published a guide for administrators that explains how to protect corporate Windows environments from KrbRelayUp attacks.
These types of attacks allow hackers to gain system privileges on Windows with factory settings.
According to Microsoft, the tool does not work in organizations' networks with Azure Active Directory cloud environments, but it does help compromise Azure virtual machines in hybrid AD environments where domain controllers are synchronized with AD.
KrbRelayUp attack protection measures were previously only available to enterprise users with a Microsoft 365 E5 subscription. However, the company has now released general guidance.