Removing a Manually-added Privileged Object
You can remove Privileged objects that have been manually added by a user from the Privileged Objects list.
|
|
NOTE: Privileged objects added by the Privileged provider (Security Guardian or BloodHound Enterprise) cannot be removed via On Demand. |
Note that, if you remove a manually-added object from the Privileged list, it will no longer be monitored and if re-added, it will revert to being Not Certified, regardless of its status when it was removed.
To remove a manually-added Privileged object:
-
From the Privileged Objects list, the object(s) you want to remove.
-
Click Remove Privileged.
|
|
NOTE: If any Privileged objects added by the Privileged provider are in the selection, the Remove Privileged option will be disabled. |
You will be prompted to confirm the action.
Certifying Privileged Objects
Certification is a means by which you can verify that any object identified by the Privileged provider or added manually by a user as Privileged qualifies as Privileged. Once certified, it will be used to establish a baseline for generating Findings for Detected and Hygiene Indicators.
By default, any object added as Privileged (which includes objects in the initial list collected by the Privileged provider), its status is Not Certified. This encourages you, as a Security Guardian administrator, to review each object for Privileged account security risks.
|
|
EXCEPTION: Because they pose the highest security risk to your Entra ID environment, Privileged Tenant objects identified by the Privileged provider (Security Guardian or BloodHound Enterprise) are certified automatically. |
You can certify one or multiple objects from the Privileged Objects list, or individually from the Investigate Finding page or within a New Privileged Object's Details view on the Dashboard.
It is strongly recommended that any manually-added Privileged objects that, after review, have not been certified as Privileged be removed.
To certify Privileged objects from the Privileged list:
-
From the Privileged Objects list, select the object(s) you want to certify.
-
Click Certify Privileged.
To certify a Privileged object from the Findings Investigation page:
Click Certify Privileged Object.
You will be prompted to confirm the certification. The confirmation dialog also includes a check box that allows you to dismiss the Finding at the same time.
|
|
NOTE: Once a Privileged object has been certified, it will no longer display in the New Privileged Objects tile on the Dashboard. |
Exporting the Privileged Objects List
You can export the complete, unfiltered Privileged objects list to a .csv file, which can be shared with stakeholders and used for security assessment engagements.
To export the Privileged objects list:
From the Privileged Objects page, click Export to CSV.
The file is exported to your Downloads folder with the file name export_{timestamp}_{a GUID}.csv and includes the following information:
-
Display Name
-
Principal Name
-
Tenant
-
Object Type
-
Date Added
-
Added By
-
Certification Status
Assessments
Assessments are a set of Discoveries that are evaluated against collected data to identify vulnerabilities in your organization's Active Directory domain(s) and/or Entra ID tenant(s). They run automatically once added, and then run periodically, depending on how often data is collected. This allows you to identify which objects within scope contain vulnerabilities that require further investigation and remediation.
To access Assessments functionality:
From the left navigation menu, choose Security | Assessments.
