Identity Defense Current - User Guide

Introducing Quest Identity Defense Audit
Configuring Audit Working with Audit
Using the Audit Dashboard Searching for specific event data (Quick Search) Working with critical activity Working with searches Working with alerts and notification templates Auditing Microsoft Entra Auditing Microsoft 365
Findings Tier Zero Objects Shields Up Protection (Prevention) Privileged Objects Managing Workload Identities Assessments Hybrid Audit Identity Defense Settings Appendix - Available Audit Search Columns and Filters Appendix - Identity Defense Indicator Details Appendix - Data Collection Details Documentation Roadmap

Built-in Assessments

Identity defense includes built-in Security Assessments for Active Directory and/or Entra ID. They contain all pre-defined Discoveries provided by Quest and are run on all domains and/or tenants configured in Security Management Platform for your organization.

NOTE: If no domains or tenants are configured for data collection, the status message Configuration Required will display in the All Assessments list.

Pre-defined Discoveries are added automatically to Assessments as they are released by Quest.

NOTE: Built-in Assessments cannot be edited or deleted.

Using Identity Defense Intelligence with Assessments

Identity Defense Intelligence helps you ask focused questions tailored to your environment, providing valuable insights into the security posture of your organization’s Active Directory and Entra ID systems. It highlights critical vulnerabilities and issues identified during assessments and offers practical recommendations for remediation. You can choose to view a high-level summary across all your organizations or dive into detailed findings for specific domains or tenants.

NOTE:

  • Before you can access the Identity Defense Intelligence assistance, you need to read and accept the AI Terms of Use.

  • To refresh the Identity Defense Intelligence content in the flyout, click the AI Icon next to the Active Directory domain name or Entra ID tenant name.

To access Identity Defense Intelligence for Assessments:

  1. From the left navigation menu, choose Defend | Assessments.

  2. Select the Identity Defense Intelligence button or the icon in the Results column.

  3. Select one of the following to access more information: 

    • Type your question.

    • Click Summary to view an overview of all Active Directory and Entra ID assessments.

    • Click the Identity Defense Intelligence icon next to the Active Directory domain or Entra ID tenant to view only the associated Assessment summary information.

  4. Review the provided information and delve deeper into the issue if needed.

The summary information includes: 

  • The analyzed workload, including the number of issues found and the total objects collected for the Assessment.

  • Security Posture Summary.

  • Top vulnerabilities identified.

  • Suggested follow-up questions to guide further investigation.

All Assessments List

 

The All Assessments tab displays a list of all Assessments (both built-in and user-created) for the organization along with the following information for each:

  • Assessment name (with a link to Assessment Details)

  • Active Directory domain or Entra ID tenant containing the assessed objects (with the option to Link to Results)

  • Identity Defense Intelligence: Access Identity Defense Intelligence by clicking the icon next to the Active Directory domain or Entra ID tenant in the Link to Results column. See Using Identity Defense Intelligence with Assessments.

  • Assessment Summary: The Assessment Summary is an AI-generated report that provides insights and a high-level overview of assessment results across your organization. See Viewing Assessment Summary Information.

  • Workload (Active Directory or Entra ID)

  • Created By either:

  • Status of the Assessment:

    Configuration Required

    NOTE: This status is used to indicate the absence of an Active Directory domain or Entra ID tenant in Security Management Platform for the organization. This may be because:

    • A domain or tenant has not yet been added to Security Management Platform, which will prevent the built-in Assessment from running.

    • The domain or tenant selected for the Assessment has since been removed from Security Management Platform.

    • When the Assessment was created, all available domains or tenants were excluded.

    Agent Required (See Configuring Additional Components -Hybrid Agent)
    No Data Collected
    No Vulnerabilities Found
    n Vulnerabilities Found

  • Date and time when data was Last Collected

    NOTE: This field displays the signed-in user's local date and time.

Creating an Assessment

In addition to using the built-in Assessment provided by Quest, you can create your own Assessments based on available Discoveries.

To create an Assessment:

  1. From the All Assessments tab click Create.

  2. Select the Workload (Active Directory or Entra ID)

  3. Enter an Assessment Name and Description.

  4. If you want to Automatically add Discoveries as they are released by Quest, check this box.

    NOTE: If you check this box and all pre-defined Discoveries that are provided by Quest will be added to the Assessment as they become available.

  5. Click Select Discoveries to display a list of available Discoveries for the workload.

  6. Select each Discovery you want to add to the Assessment, then click Select.

  7. For Domains or Tenants (depending on the workload you selected), select the Active Directory domains or Entra ID tenants that you want to Run this Assessment for. Use the information in the following table for guidance.

    Option Steps to Complete
    Only selected domains
    OR
    Only selected tenants

    • Select Only selected domains or Only selected tenants from the drop-down.

    • Click Select Domains or Select Tenants and select each domain or tenant you want to add to the Assessment, then click Select.

    The selected domain(s) or tenant(s) will display in the list.

    All except selected domains OR
    All selected tenants

    • Select All except selected domains or All except selected tenants from the drop-down.

    • Click Exclude Domains or Exclude Tenants

    • Select the domain(s) or tenant(s) you want to exclude from the Assessment.

    • Click Exclude.

    Excluded domains or tenants will display in the list. However, when you view the Assessment, all domains or tenants will display and those that are excluded are identified in the Status column.

    All domains

    OR

    All tenants

    Select All domains or All tenants.

    All domains or tenants configured for your organization will display in the list.

  8. Click Save.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating