icon-itdr.svg
ITDR

About the Entra ID Change Detection Object Safelist

After you connect an Entra ID tenant to the Zscaler ITDR Admin Portal, ITDR continuously monitors the Entra ID tenant for any malicious changes that could potentially introduce a new identity and privilege escalation risk. These changes are available to view on the Entra ID Change Detection dashboard. You can review these changes to confirm that they are not a risk and mark them as safe by moving them to the object safelist if the changes are associated with a principal_id.

The Entra ID Change Detection Object Safelist provides the following benefits and enables you to:

  • View the list of Entra ID objects that don't pose a risk and are marked safe.
  • Ensure that the risk score on the Entra ID dashboard reflects the actual risk.

About the Entra ID Change Detection Object Safelist Page

On the Entra ID Change Detection Object Safelist page (ITDR > Settings > Entra ID Change Detection Object Safelist), you can do the following:

  1. Select an Entra ID tenant from the Result for drop-down menu.
  2. View the list of objects that are marked safe. For each object, you can view:
    • Name: The name of the user associated with the issue.
    • Associated Issue: The issue associated with the object.
    • Created On: The date when the change detection was added to the safelist.
    • Created By: The name of the user who added the change detection to the safelist.
    • Reason: The reason why the change detection was added to the safelist.
    • Expiry: The date when the object is deleted from the safelist.
  3. Edit or delete an object from the safelist.
Related Articles
About the Entra ID Change Detection Object SafelistAdding a Change Detection to the Entra ID Change Detection Object SafelistEditing or Deleting an Object from the Entra ID Change Detection Object Safelist