icon-itdr.svg
ITDR

Viewing the Entra ID Detailed Findings and Recommendations Details

The Detailed Findings and Recommendations allow you to focus on the top priority vulnerability issues for an Entra ID tenant. You can view a list of the top 5 issues for an Entra ID tenant on the Entra ID dashboard. These are issues and misconfigurations that have the highest impact on your risk score and are the easiest to remediate. You can view additional details about each focus area issue to further investigate and remediate the issue.

To view the focus area details:

  1. Go to ITDR > Dashboard > Entra ID.
  2. On the Entra ID Dashboard:
    1. Select an Entra ID tenant from the Result for drop-down menu.
    2. Select a timestamp from the scanned on drop-down menu.

      The scan result for the Entra ID tenant appears.

  3. Click Detailed Findings and Recommendations or click an issue.

    The Detailed Findings and Recommendations page appears with the following information:

    • The scanned Entra ID tenant name and scan time.
    • Issue and attack details:
      • Issue: The issue name.
      • Type Of Risk: The type of risk (e.g., Best Practice Violations, Insecure Collaboration Settings, Best Practice Violations, etc.).
      • Severity: The severity level (Critical, High, Medium, and Low).
      • Remediation: The remediation assessment (Easy, Moderate, Difficult).
      • MITRE ATT&CK Tactics: The type of MITRE ATT&CK tactic (e.g., Lateral Movement, Initial Access, etc.).
      • What is the issue?: The description of the vulnerability issue with videos that demonstrate how an adversary performs the attack.
      • What is the impact?: The consequences of the attack.
      • References: You can click the reference link to view Microsoft documentation or any other reference document to understand the issue context and remediation.
      • Who is affected?: A list of affected identities that are vulnerable to attack.

        Click Export as CSV to export the affected identities as a CSV file, click Copy Table to copy specific columns from the table, and click Actions to automatically remediate Entra ID issues.

    • Remediation details:
      • If there is a single remediation for an issue, you can view:

        • The remediation description and assessment (Easy, Moderate, Difficult).
        • How to fix?: Steps to manually remediate the issue.
        • Commands: A command that you can run in PowerShell to remediate the issue.
        • Caveats: Warnings to consider before remediating the issue.
        • References: A link to the Microsoft documentation or any other reference document that provides remediation details.

      • If there are multiple remediations for an issue, Zscaler ITDR provides a flowchart that breaks down multiple steps into distinct workflows. The workflows in the flowchart are prioritized based on the most suitable remediation to the issue. The most appropriate remediation is listed first, followed by the less suitable ones. After you choose a workflow, you can click the link in an individual step or process to view:

        • The remediation description and assessment (Easy, Moderate, Difficult).
        • How to fix?: Steps to manually remediate the issue.
        • Caveats: Warnings to consider before remediating the issue.
        • References: A link to the Microsoft documentation or any other reference document that provides remediation details.

        Click Export Remediation Chart to export the flowchart as an SVG file.

        Click the Add object to safelist link in a remediation step to add Entra ID objects to the safelist. When you click the link, you are redirected to the Who is affected? table. You can select the Entra ID users or service principals and click Add Objects to Safelist.

Related Articles
About the Entra ID DashboardViewing the Entra ID Vulnerability ReportDownloading the Entra ID Vulnerability ReportDownloading the Zscaler ITDR Microsoft Entra ID Executive Summary ReportDownloading the Entra ID Delta ReportViewing the Entra ID Detailed Findings and Recommendations DetailsViewing the Top Vulnerable Entra ID IdentitiesViewing Affected Entra ID Identity DetailsViewing the Entra ID Issue Details Grouped by SeverityViewing Entra ID Issue Details Grouped by Risk TypeViewing the Entra ID Risk Reduction RoadmapViewing the Entra ID Issue Details Grouped by MITRE ATT&CK TechniquesRunning Remediation Actions for Microsoft Entra ID IssuesViewing Entra ID Remediation HistoryDeleting an Entra ID Scan Report