ITDR
Adding an Entra ID Object to the Safelist
On the Detailed Findings and Recommendations page for an Entra ID issue in the Entra ID dashboard, you can view the list of Entra ID objects (users and service principals) that are vulnerable to attack. You can review these objects to confirm that they are not a risk and mark them as safe.
Adding objects to the safelist impacts the unified risk score on the Entra ID Dashboard.
After you add objects to a safelist, they disappear from the Who is affected? section on the Detailed Findings and Recommendations page and vulnerability report for that particular issue only. These objects are not marked safe if you select a different issue in the same Entra ID tenant.
To add an object to the safelist:
- Go to ITDR > Dashboard > Entra ID.
- On the Entra ID Dashboard:
- Select an Entra ID tenant from the Result for drop-down menu.
Select a timestamp from the scanned on drop-down menu.
The scan result for the Entra ID tenant appears.
Under Detailed Findings and Recommendations, click an issue.
- On the Detailed Findings and Recommendations page, scroll down to the Who is affected? section for the selected issue.
- Add objects to the safelist using one of the following methods:
To add a specific item to the object safelist, click the Shield icon to mark an object safe.
To add multiple items to the object safelist, select the items, and click Add Objects to Safelist.
In the Add to Safelist window, enter a reason for marking this Entra ID object safe and set an expiration date if needed.
If you are adding multiple objects to the safelist simultaneously, the same reason and expiration date are applied to all those objects.
Click Save.
The Entra ID object is added to the safelist. You can view and manage it from the Entra ID Object Safelist.
