Viewing the Entra ID Detailed Findings and Recommendations Details
The Detailed Findings and Recommendations allow you to focus on the top priority vulnerability issues for an Entra ID tenant. You can view a list of the top 5 issues for an Entra ID tenant on the Entra ID dashboard. These are issues and misconfigurations that have the highest impact on your risk score and are the easiest to remediate. You can view additional details about each focus area issue to further investigate and remediate the issue.
To view the focus area details:
- Go to ITDR > Dashboard > Entra ID.
- On the Entra ID Dashboard:
  - Select an Entra ID tenant from the Result for drop-down menu.
  - Select a timestamp from the scanned on drop-down menu.
    The scan result for the Entra ID tenant appears.
  - Click Detailed Findings and Recommendations or click an issue.
The Detailed Findings and Recommendations page appears with the following information:
- The scanned Entra ID tenant name and scan time.
- Issue and attack details:
  - Issue: The issue name.
  - Type Of Risk: The type of risk (e.g., Best Practice Violations, Insecure Collaboration Settings).
  - Severity: The severity level (Critical, High, Medium, or Low).
  - Remediation: The remediation assessment (Easy, Moderate, or Difficult).
  - MITRE ATT&CK Tactics: The type of MITRE ATT&CK tactic (e.g., Lateral Movement, Initial Access).
  - What is the issue?: The description of the vulnerability issue, with videos that demonstrate how an adversary performs the attack.
  - What is the impact?: The consequences of the attack.
  - References: Click the reference link to view Microsoft documentation or any other reference document to understand the issue context and remediation.
  - Who is affected?: A list of affected identities that are vulnerable to attack.
    Click Export as CSV to export the affected identities as a CSV file, click Copy Table to copy specific columns from the table, and click Actions to automatically remediate Entra ID issues.
- Remediation details:
  If there is a single remediation for an issue, you can view:
  - The remediation description and assessment (Easy, Moderate, or Difficult).
  - How to fix?: Steps to manually remediate the issue.
  - Commands: A command that you can run in PowerShell to remediate the issue.
  - Caveats: Warnings to consider before remediating the issue.
  - References: A link to the Microsoft documentation or any other reference document that provides remediation details.

  If there are multiple remediations for an issue, Zscaler ITDR provides a flowchart that breaks down the steps into distinct workflows. The workflows in the flowchart are ordered by how well each remediation suits the issue: the most appropriate remediation is listed first, followed by the less suitable ones. After you choose a workflow, you can click the link in an individual step or process to view:
  - The remediation description and assessment (Easy, Moderate, or Difficult).
  - How to fix?: Steps to manually remediate the issue.
  - Caveats: Warnings to consider before remediating the issue.
  - References: A link to the Microsoft documentation or any other reference document that provides remediation details.

  Click Export Remediation Chart to export the flowchart as an SVG file.

  Click the Add object to safelist link in a remediation step to add Entra ID objects to the safelist. When you click the link, you are redirected to the Who is affected? table, where you can select the Entra ID users or service principals and click Add Objects to Safelist.