立即与支持人员聊天
与支持团队交流

Security Guardian Current - User Guide

Introducing Quest Security Guardian Using the Dashboard Tier Zero Objects Privileged Objects Assessments Findings Security Settings Appendix - Security Guardian Indicator Details

Privileged Objects

Privileged objects are the most critical assets within Microsoft Entra ID. Within the Microsoft enterprise access model, Privileged objects in Entra ID include permissions that can delegate management of resources, modify credentials, authentication or authorization policies, and access restricted data.

Security Guardian supports the following Privileged types:

  • Groups

  • Roles

  • Service Principals

  • Tenants

  • Users

The Privileged Objects provider (Security Guardian or BloodHound Enterprise), identifies Entra ID Privileged objects within the Microsoft 365 tenant(s). These objects are then collected and displayed in Security Guardian.

Privileged Objects List

The Privileged Objects list displays all of the Privileged objects that have been collected by the Privileged objects provider (Security Guardian or BloodHound Enterprise) as well as any that have been manually-added by users.

NOTE: If BloodHound Enterprise is configured and you see the message No New Privileged Objects, check the BloodHound Enterprise Configuration Status from within On Demand Audit. Review the configuration connection message details to determine whether the connection to SpecterOps has been successful. Review the Last Configuration Received, Next Configuration Synchronization, and the status of the configuration.

 

To access the Privileged Objects list:

From the On Demand left navigation menu, choose Security | Privileged Objects. The following information displays for each Privileged object:

  • Display Name

  • Principal Name

  • Tenant

  • Object Type

  • Date Added

    NOTE: This field displays the signed-in user's local date and time.

  • Added By (Security Guardian, BloodHound Enterprise, or User)

  • Certification Status

NOTE: If you click the Filter button, you can filter displayed results by any one of these criteria.

From the Privileged Objects list, you can:

Viewing Privileged Object Details

To view a Privileged object's details:

From the Dashboard Uncertified Privileged Objects tile or from the Privileged Objects list, click the object's Display Name.

The following Object Properties are identified for the selected Privileged object:

  • Certification Status

  • Added By (Security Guardian, BloodHound Enterprise or User)

  • Display Name

  • Object ID

  • Object Type

  • Principal Name, Tenant, and Tenant ID (for Tenant objects)

  • Service Principal type (for Service Principal objects)

  • NOTE: This field may be populated only if On Premises Sych is enabled.

  • Role Template ID (for Role objects)

  • User Type (for User objects)

  • Security Identified (for Group objects)

  • Principal Name

  • On Premises Name (for User and Group objects, if On Premises Synch is enabled)

  • On Premises SID for User and Group objects, if On Premises Synch is enabled)

  • On Premises Domain (for User and Group objects, if On Premises Synch is enabled)

  • Date Added

  • NOTE: This field displays the signed-in user's local date and time.

  • Information Last Updated

Why Privileged?

This section provides the reason why the object is considered Privileged. If the object was added by the provider (Security Guardian or Bloodhound Enterprise), the reason is returned by the provider. If the object was manually added by a user, the reason is "Manually added as Tier Zero" or "manually added as Privileged" by <user_principal_that_added_object>".

Adding Privileged Objects Manually

You can add Privileged objects manually for Entra ID objects that were not identified as Privileged by the Privileged provider but are considered critical assets in your organization.

  1. Use one of the following options:

  2. For each Privileged object you want to add:

    1. Enter the object's Principal Name, or type at least two characters then select the object from the drop-down. (Note that a message will display if the object is already Privileged.)

      The object will be added to the Principal Name list.

    2. In the Principal Name list, select object(s) you want to add.

  3. Click Save.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级