ITDR
Viewing the Entra ID Issue Details Grouped by Severity
To help you prioritize which vulnerabilities to fix first, the Entra ID dashboard categorizes the issues using risk scores in its scans and reports. The issues are categorized into four vulnerability levels (Critical, High, Medium, and Low) and are represented as a bar chart on the Entra ID dashboard. The Severity chart gives you an overview of the risk composition of the Entra ID tenant. You can drill down to a specific issue to further investigate and remediate the issue.
To view the issue details grouped by severity:
- Go to ITDR > Dashboard > Entra ID.
On the Entra ID Dashboard:
- Select an Entra ID tenant from the Result for drop-down menu.
- Select a timestamp from the scanned on drop-down menu.
The scan result for the Entra ID tenant appears.
Click Severity.
The Issues by Severity page appears. The issues are grouped by severity level and are listed under the tabs (All, Critical, High, Medium, and Low).
Select a tab, and then select an issue to view the following information:
- Vulnerability issue and attack details:
- Issue: The issue name.
- Type Of Risk: The type of risk (e.g., Best Practice Violations, Insecure Privilege Management, Weak Authentication Measures, etc.).
- Severity: The severity level of the risk (Critical, High, Medium, or Low).
- Remediation: The remediation assessment (Easy, Moderate, or Difficult).
- MITRE ATT&CK Tactics: The type of MITRE ATT&CK tactic (e.g., Privilege Escalation, Collection, etc.).
- What is the issue?: The description of the vulnerability issue.
- What is the impact?: The consequences of the attack.
- References: Click a reference link to view the Microsoft documentation or any other documentation to understand the issue context and remediation.
Who is affected?: A list of identities that are vulnerable to attack.
Click Export as CSV to export the affected identities as a CSV file, click Copy Table to copy specific columns from the table, and click Actions to automatically remediate Entra ID issues.
- Remediation: The remediation description and assessment (Easy, Moderate, Difficult). For every remediation step, you can view:
- How to fix?: Steps to manually remediate the issue.
- Commands: A command that you can run in PowerShell to remediate the issue.
- Caveats: Warnings to consider before remediating the issue.
- References: A link to the Microsoft documentation or any other documentation that provides remediation details.
- Vulnerability issue and attack details: