Disabling Shields Up
Disabling Shields Up will remove the temporary restrictions and restore standard permissions for Tier Zero and other protected objects and will trigger an alert to the configured email recipients.
To disable Shields Up for a domain
-
From the left navigation menu, choose Security | Prevention.
-
Select the Shields Up tab.
-
Navigate to the Prevention section and open the Shields Up tab.
-
Select the domain where Shields Up is currently enabled.
-
Click Disable Shields Up.
-
Acknowledge that you understand the significance of the action and click Disable Shields Up.
Override Access for Protected Objects
You can grant specific Active Directory users, groups, or computers permission to access objects protected by Shields Up. This allows for controlled exceptions during a Shields Up activation, ensuring that essential accounts retain access to critical resources.
Removing an object from the Override Access list revokes its ability to access protected Tier Zero and system resources when Shields Up is enabled.
To override access:
-
From the left navigation menu, choose Security | Prevention.
-
Select the Shields Up tab.
-
Click the Add Override Access button in the action bar or select a protected domain.
-
From the Add Override Access flyout, enter Active Directory users, groups, or computers that should be allowed to access protected objects while Shields Up is active. Selecting an object will add it to the grid.
-
Use the Remove button to delete entries from the grid.
-
Click Save to confirm your selections.
To remove override access:
-
From the left navigation menu, choose Security | Prevention.
-
Select the Shields Up tab.
-
Select a domain.
-
From the domain details, select the required user, computer, or group and select Remove.
-
Select Remove Override Access to confirms the action and revoke the override access.
Privileged Objects
Privileged objects are the most critical assets within Microsoft Entra ID. Within the Microsoft enterprise access model, Privileged objects in Entra ID include permissions that can delegate management of resources, modify credentials, authentication or authorization policies, and access restricted data.
Security Guardian supports the following Privileged types:
-
Groups
-
Roles
-
Service Principals
-
Tenants
-
Users
The Privileged Objects provider (Security Guardian or BloodHound Enterprise), identifies Entra ID Privileged objects within the Microsoft 365 tenant(s). These objects are then collected and displayed in Security Guardian.
Privileged Objects List
The Privileged Objects list displays all of the Privileged objects that have been collected by the Privileged objects provider (Security Guardian or BloodHound Enterprise) as well as any that have been manually-added by users.
|
|
NOTE: If BloodHound Enterprise is configured and you see the message No New Privileged Objects, check the BloodHound Enterprise Configuration Status. Review the configuration connection message details to determine whether the connection to SpecterOps has been successful. Review the Last Configuration Received, Next Configuration Synchronization, and the status of the configuration. |
To access the Privileged Objects list:
From the On Demand left navigation menu, choose Security | Privileged Objects. The following information displays for each Privileged object:
|
|
NOTE: If you click the Filter button, you can filter displayed results by any one of these criteria. |
From the Privileged Objects list, you can:
