Certification is a means by which you can verify that any object identified by the provider (Security Guardian or BloodHound Enterprise) or added manually by a user as Privileged qualifies as Privileged. Once certified, it will be used to establish a baseline for generating Findings for Detected and Hygiene Indicators.

By default, any object added as Privileged (which includes objects in the initial list collected by the provider), its status is Not Certified. This encourages you, as a Security Guardian administrator, to review each object for Privileged account security risks.

EXCEPTION: Because they pose the highest security risk to your Entra ID environment, Privileged Tenant objects identified by the provider are certified automatically.

You can certify one or multiple objects from the Privileged Objects list, or individually from the Investigate Finding page or within an Uncertified Privileged Object's Details view on the Dashboard.

It is strongly recommended that any manually-added Privileged objects that, after review, have not been certified as Privileged be removed.

You can also uncertify any Privileged object, except a Tenant object, that has been previously certified.

 

To certify Privileged objects from the Privileged Objects list:

  1. From the Privileged Objects list, select the object(s) you want to certify.

  2. Click Certify Privileged.

To certify a Privileged object from the Findings Investigation page:

Click Certify Privileged Object.

You will be prompted to confirm the certification. The confirmation dialog also includes a check box that allows you to dismiss the Finding at the same time.

NOTE: Once a Privileged object has been certified, it will no longer display in the Uncertified Privileged Objects tile on the Dashboard.

To uncertify a Privileged Object from the Privileged Objects list:

  1. From the Privileged list, select the object you want to uncertify.

NOTE: Only one certified object can be uncertified at a time. If more than one object is selected, or if a Tenant object is selected, the option to uncertify will not be available.

  1. Click Uncertify Privileged.

NOTE: Once a Privileged object has been uncertified, it will display in the Uncertified Privileged Objects tile on the Dashboard.