Viewing Privileged Object Details
To view a Privileged object's details:
From the Dashboard Uncertified Privileged Objects tile or from the Privileged Objects list, click the object's Display Name.
The following Object Properties are identified for the selected Privileged object:
- Certification Status
- Added By (Security Guardian, BloodHound Enterprise or User)
- Display Name
- Object ID
- Object Type
- Principal Name, Tenant, and Tenant ID (for Tenant objects)
- Service Principal type (for Service Principal objects)
  NOTE: This field may be populated only if On Premises Synch is enabled.
- Role Template ID (for Role objects)
- User Type (for User objects)
- Security Identifier (for Group objects)
- Principal Name
- On Premises Name (for User and Group objects, if On Premises Synch is enabled)
- On Premises SID (for User and Group objects, if On Premises Synch is enabled)
- On Premises Domain (for User and Group objects, if On Premises Synch is enabled)
- Date Added
  NOTE: This field displays the signed-in user's local date and time.
- Information Last Updated
Below the object properties are one or more object-specific sections:
- For Tenants: Objects with control of <tenant_name>
- For Roles: Active Assignments
- For Service Principals and Users:
- For Groups:
Why Privileged?
This section provides the reason why the object is considered Privileged. If the object was added by the provider (Security Guardian or BloodHound Enterprise), the reason is returned by the provider. If the object was manually added by a user, the reason is "Manually added as Tier Zero" or "Manually added as Privileged", followed by "by <user_principal_that_added_object>".
Adding Privileged Objects Manually
You can add Privileged objects manually for Entra ID objects that were not identified as Privileged by the provider (Security Guardian or BloodHound Enterprise) but are considered critical assets in your organization.
- Use one of the following options:
- For each Privileged object you want to add:
  - Enter the object's Principal Name, or type at least two characters then select the object from the drop-down. (Note that a message will display if the object is already Privileged.)
    The object will be added to the Principal Name list.
- In the Principal Name list, select the object(s) you want to add.
- Click Save.
Removing a Manually-added Privileged Object
You can remove Privileged objects that have been manually added by a user from the Privileged Objects list.
NOTE: Privileged objects added by the provider (Security Guardian or BloodHound Enterprise) cannot be removed via On Demand.
Note that, if you remove a manually-added object from the Privileged list, it will no longer be monitored and if re-added, it will revert to being Not Certified, regardless of its status when it was removed.
To remove a manually-added Privileged object:
- From the Privileged Objects list, select the object(s) you want to remove.
- Click Remove Privileged.
  NOTE: If any Privileged objects added by the provider are in the selection, the Remove Privileged option will be disabled.
You will be prompted to confirm the action.
Certifying Privileged Objects
Certification is a means by which you can verify that any object identified by the provider (Security Guardian or BloodHound Enterprise) or added manually by a user as Privileged qualifies as Privileged. Once certified, it will be used to establish a baseline for generating Findings for Detected and Hygiene Indicators.
By default, the status of any object added as Privileged (which includes objects in the initial list collected by the provider) is Not Certified. This encourages you, as a Security Guardian administrator, to review each object for Privileged account security risks.
EXCEPTION: Because they pose the highest security risk to your Entra ID environment, Privileged Tenant objects identified by the provider are certified automatically.
You can certify one or multiple objects from the Privileged Objects list, or individually from the Investigate Finding page or within an Uncertified Privileged Object's Details view on the Dashboard.
It is strongly recommended that any manually-added Privileged objects that, after review, have not been certified as Privileged be removed.
You can also uncertify any Privileged object, except a Tenant object, that has been previously certified.
To certify Privileged objects from the Privileged Objects list:
- From the Privileged Objects list, select the object(s) you want to certify.
- Click Certify Privileged.
To certify a Privileged object from the Findings Investigation page:
- Click Certify Privileged Object.
You will be prompted to confirm the certification. The confirmation dialog also includes a check box that allows you to dismiss the Finding at the same time.
NOTE: Once a Privileged object has been certified, it will no longer display in the Uncertified Privileged Objects tile on the Dashboard.
To uncertify a Privileged Object from the Privileged Objects list:
- From the Privileged list, select the object you want to uncertify.
  NOTE: Only one certified object can be uncertified at a time. If more than one object is selected, or if a Tenant object is selected, the option to uncertify will not be available.
- Click Uncertify Privileged.
NOTE: Once a Privileged object has been uncertified, it will display in the Uncertified Privileged Objects tile on the Dashboard.
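The add, remove, certify and uncertify rules spread across the sections above (provider-identified Tenant objects are certified automatically, provider-added objects cannot be removed, a removed object comes back as Not Certified, only one non-Tenant object can be uncertified at a time) are easier to reason about as a single state model. The following Python is an added illustration written for this page; it is not Security Guardian or On Demand code and does not use any product API. The class and method names (PrivilegedRegistry, add, remove, certify, uncertify, uncertified), the source strings, and the provider reason text are assumptions; the "Manually added as ... by ..." reason mirrors the wording in the "Why Privileged?" section.

```python
"""Model of the Privileged-object lifecycle rules documented above.
Added example; not product code. Names and strings are assumptions."""
from dataclasses import dataclass, field

PROVIDERS = {"Security Guardian", "BloodHound Enterprise"}
MANUAL = "User"  # "Added By" value for objects a user added manually


@dataclass
class PrivilegedObject:
    object_id: str
    object_type: str       # e.g. "Tenant", "Role", "User", "Group", "Service Principal"
    added_by: str          # a provider name or MANUAL
    certified: bool = False  # every object starts as Not Certified
    reason: str = ""       # content of the "Why Privileged?" section


@dataclass
class PrivilegedRegistry:
    objects: dict = field(default_factory=dict)

    def add(self, object_id, object_type, added_by, user_principal=None,
            tier_zero=False, provider_reason=None):
        """Add an object; rejects duplicates (the UI shows a message instead)."""
        if object_id in self.objects:
            raise ValueError(f"{object_id} is already Privileged")
        obj = PrivilegedObject(object_id, object_type, added_by)
        if added_by in PROVIDERS:
            # Reason text comes from the provider; placeholder if none given.
            obj.reason = provider_reason or f"Identified by {added_by}"
            # Exception: provider-identified Tenant objects are auto-certified.
            obj.certified = object_type == "Tenant"
        elif added_by == MANUAL:
            label = "Tier Zero" if tier_zero else "Privileged"
            obj.reason = f"Manually added as {label} by {user_principal}"
        else:
            raise ValueError(f"unknown source {added_by!r}")
        self.objects[object_id] = obj
        return obj

    def remove(self, object_ids):
        """Remove Privileged: disabled if any provider-added object is selected."""
        if any(self.objects[i].added_by in PROVIDERS for i in object_ids):
            raise PermissionError("selection contains provider-added objects")
        for i in object_ids:
            # Dropping the record means a later re-add starts as Not Certified.
            del self.objects[i]

    def certify(self, object_ids):
        """Certify Privileged: one or many objects at a time."""
        for i in object_ids:
            self.objects[i].certified = True

    def uncertify(self, object_ids):
        """Uncertify Privileged: exactly one previously certified, non-Tenant object."""
        if len(object_ids) != 1:
            raise ValueError("only one certified object can be uncertified at a time")
        obj = self.objects[object_ids[0]]
        if obj.object_type == "Tenant":
            raise PermissionError("Tenant objects cannot be uncertified")
        if not obj.certified:
            raise ValueError(f"{obj.object_id} is not certified")
        obj.certified = False

    def uncertified(self):
        """IDs the Dashboard's Uncertified Privileged Objects tile would list."""
        return sorted(i for i, o in self.objects.items() if not o.certified)


if __name__ == "__main__":
    # Constructed sample data, not real tenant identifiers.
    reg = PrivilegedRegistry()
    reg.add("tenant-1", "Tenant", "Security Guardian")
    reg.add("user-1", "User", "BloodHound Enterprise")
    reg.add("user-2", "User", MANUAL, user_principal="admin@example.test")
    print("uncertified:", reg.uncertified())
```

Walking the sample through certify, remove and re-add shows the documented behaviour: the provider-identified tenant never appears in the uncertified list, a removed manual object loses its certification when re-added, and a bulk removal that includes the provider-added user is refused, just as the Remove Privileged button is disabled in the UI.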