icon-itdr.svg
ITDR

Viewing the Entra ID Issue Details Grouped by Severity

To help you prioritize which vulnerabilities to fix first, the Entra ID dashboard categorizes the issues using risk scores in its scans and reports. The issues are categorized into four vulnerability levels (Critical, High, Medium, and Low) and are represented as a bar chart on the Entra ID dashboard. The Severity chart gives you an overview of the risk composition of the Entra ID tenant. You can drill down to a specific issue to further investigate and remediate the issue.

To view the issue details grouped by severity:

  1. Go to ITDR > Dashboard > Entra ID.
  2. On the Entra ID Dashboard:

    1. Select an Entra ID tenant from the Result for drop-down menu.
    2. Select a timestamp from the scanned on drop-down menu.

    The scan result for the Entra ID tenant appears.

  3. Click Severity.

    The Issues by Severity page appears. The issues are grouped by severity level and are listed under the tabs (All, Critical, High, Medium, and Low).

  4. Select a tab, and then select an issue to view the following information:

    • Vulnerability issue and attack details:
      • Issue: The issue name.
      • Type Of Risk: The type of risk (e.g., Best Practice Violations, Insecure Privilege Management, Weak Authentication Measures, etc.).
      • Severity: The severity level of the risk (Critical, High, Medium, or Low).
      • Remediation: The remediation assessment (Easy, Moderate, or Difficult).
      • MITRE ATT&CK Tactics: The type of MITRE ATT&CK tactic (e.g., Privilege Escalation, Collection, etc.).
      • What is the issue?: The description of the vulnerability issue.
      • What is the impact?: The consequences of the attack.
      • References: Click a reference link to view the Microsoft documentation or any other documentation to understand the issue context and remediation.
      • Who is affected?: A list of identities that are vulnerable to attack.

        Click Export as CSV to export the affected identities as a CSV file, click Copy Table to copy specific columns from the table, and click Actions to automatically remediate Entra ID issues.

    • Remediation: The remediation description and assessment (Easy, Moderate, Difficult). For every remediation step, you can view:
      • How to fix?: Steps to manually remediate the issue.
      • Commands: A command that you can run in PowerShell to remediate the issue.
      • Caveats: Warnings to consider before remediating the issue.
      • References: A link to the Microsoft documentation or any other documentation that provides remediation details.

Related Articles
About the Entra ID DashboardViewing the Entra ID Vulnerability ReportDownloading the Entra ID Vulnerability ReportDownloading the Zscaler ITDR Microsoft Entra ID Executive Summary ReportDownloading the Entra ID Delta ReportViewing the Entra ID Detailed Findings and Recommendations DetailsViewing the Top Vulnerable Entra ID IdentitiesViewing Affected Entra ID Identity DetailsViewing the Entra ID Issue Details Grouped by SeverityViewing Entra ID Issue Details Grouped by Risk TypeViewing the Entra ID Risk Reduction RoadmapViewing the Entra ID Issue Details Grouped by MITRE ATT&CK TechniquesRunning Remediation Actions for Microsoft Entra ID IssuesViewing Entra ID Remediation HistoryDeleting an Entra ID Scan Report