
Viewing the Entra ID Issue Details Grouped by MITRE ATT&CK Techniques

You can view the Entra ID issues mapped to MITRE ATT&CK techniques and displayed on a kill chain on the Entra ID Dashboard. The issues are grouped by MITRE ATT&CK technique. You can drill down to a specific issue on the kill chain to further investigate and remediate the issue.

To view the issue details grouped by MITRE ATT&CK techniques:

  1. Go to ITDR > Dashboard > Entra ID.
  2. On the Entra ID Dashboard:
    1. Select an Entra ID tenant from the Result for drop-down menu.
    2. Select a timestamp from the scanned on drop-down menu.

      The scan result for the Entra ID tenant appears.

  3. Click MITRE ATT&CK technique exposure, or click an issue mapped on the horizontal kill chain.

    The Issues by MITRE ATT&CK technique page appears. The issues are grouped by MITRE ATT&CK techniques and are listed under the tabs (All, Initial Access, Execution, Persistence, etc.).

  4. Select a tab, and then select an issue to view the following information:

    • Vulnerability issue and attack details:
      • Issue: The issue name.
      • Type Of Risk: The type of risk (e.g., Privilege Escalation, Weak Authentication Measures, Insecure Privilege Management, etc.).
      • Severity: The severity level of the risk (Critical, High, Medium, and Low).
      • Remediation: The remediation assessment (Easy, Moderate, or Difficult).
      • MITRE ATT&CK Tactics: The type of the MITRE ATT&CK tactic (e.g., Privilege Escalation, Credential Access, etc.).
      • What is the issue?: The description of the vulnerability issue.
      • What is the impact?: The consequences of the attack.
      • References: You can click the reference link to view the Microsoft documentation or any other reference document to understand the issue context and remediation.
      • Who is affected?: A list of affected identities that are vulnerable to attack.

        Click Export as CSV to export the affected identities as a CSV file, click Copy Table to copy specific columns from the table, and click Actions to automatically remediate Entra ID issues.

    • Remediation: The remediation description and assessment (Easy, Moderate, Difficult). For every remediation step, you can view:
      • How to fix?: Steps to manually remediate the issue.
      • Commands: A command that you can run in PowerShell to remediate the issue.
      • Caveats: Warnings to consider before remediating the issue.
      • References: A link to the Microsoft documentation or any other reference document that provides remediation details.
