Skip to content

My Environment🔗

My Environment

Select Identity from the Taegis Menu and choose My Environment for an overview of your identities and other quick view metrics such as the number of identities, groups, devices, and apps that Taegis™ IDR is monitoring within your environment.

A series of cards runs across the top of the page with counts of active Identities, Groups, Devices, and Apps from your environment. Select a card to view more information.

Identities🔗

The Identities view provides a list of identities that have been captured from your Identity Provider. The following quick-view information about users appears above the full card or list view:

  • Identities Not Protected by MFA — A count of users that do not have multi-factor authentication (MFA) configured on their account
  • Dormant Accounts — A count of users that have not logged in within the last 90 days
  • Admin Accounts — A count of users that have an admin role within the Microsoft Entra ID tenant

Identity Icons and Tags🔗

Identities have a different icon based on the account type to help you quickly identify whether they might be an Admin or Guest. These appear in the card view, Risky Users widget, and within the Identity Details page. Accounts show the following icons and tags to help you quickly distinguish their related attributes.

Account Icons

Adjust Identities View🔗

Use the following controls to adjust the Identities view:

  • Switch between card view or list view using the icons above the table.
  • By default, users are sorted alphabetically by name. Alter the sort using the drop-down menu above the table.
  • Filter the identities by name using the Search My Environment field.

  • Filter the identities by their attributes:

    • Status — The status of the identity within the Identity Provider (e.g., Microsoft Entra ID)
    • Department — The Department of the user if defined within the Identity Provider
    • Employee Type — The type of employee if defined within the Identity Provider
    • Is Admin — Whether the user has the Admin flag set within the Identity Provider
    • Is Guest — Whether the user is a guest within the Identity Provider
    • Is Dormant — Whether the user is considered dormant (i.e., has not logged in within the last 90 days)
    • Has MFA — Whether the user has MFA configured on their account within the Identity Provider
    • Has Passwordless MFA — Whether the user has a stronger MFA method defined such as passwordless MFA
    • Country — The user's country if defined within the Identity Provider
    • Region — The user's region if defined within the Identity Provider
    • MFA Method — Displays users filtered by the selected MFA method(s), if applicable

Note

Not all filters may be populated. Some of the information gathered depends on whether it is configured within the Identity Provider and is available to collect.

Adjust Card View🔗

When viewing users in card view:

  • Select the down arrow at the bottom of a card to expand the card to view more details. Only one card can be expanded at a time.

Adjust List View🔗

When viewing users in list view:

  • Select the arrow at the left of a row to expand the row to view more details.
  • Select the menu icon of any column to pin, auto size, reset, and add or remove columns.

Export Identities🔗

To export the list of users to a CSV file, select Export All or Export Filtered Results from above the table. When your download is ready, it appears in the Data Exports table.

View Identity Details🔗

Select the Display Name at the top of a card in card view or from the list view table to navigate to the Identity Details.

Take Response Action🔗

If relevant Automations have been configured in your tenant, you can perform response actions on a user. Select the Actions menu from an expanded card in card view, or the Actions column in list view and choose the desired response action.

Identity Actions🔗

If you have Automations playbooks enabled for Entra ID, you can see various Actions available for the selected user. See our Knowledge Base Article: How To: Setting Up IDR Automation Playbooks for details on how to enable this Automation.

Identity Automation Actions

Groups🔗

The Groups view provides a list of groups that have been captured from your Identity Provider. Search groups using the search field above the table, or use the filters to filter the table by:

  • Mail Enabled — Whether the group is mail enabled (i.e., email can be sent to the group)
  • Security Enabled — Whether the group is security enabled (i.e., can be used to control user access to resources)
  • Assignable to Roles — Whether the group is assignable to roles
  • Deleted — Whether the group is deleted within the Identity Provider

Note

More details about Microsoft Entra ID groups can be found under Security groups and mail-enabled security groups.

Group Details🔗

Select a group from the Groups view to open a dedicated details page with retrieved group metadata and a table of identities associated with the group.

Devices🔗

The Devices view provides a list of devices that have been registered within your Microsoft Entra ID tenant. Devices consist of both personal or company owned devices that users can access company resources from.

Search devices using the search field above the table, or use the filters to filter the table by:

  • State — The state of the device as reported by the Identity Provider
  • Status — The status of the device (e.g., personal, company, unknown device) as reported by the Identity Provider
  • Operating System — The operating system as reported by the Identity Provider
  • Architecture — The device architecture as reported by the Identity Provider
  • Manufacturer — The device manufacturer as reported by the Identity Provider
  • Model — The device model as reported by the Identity Provider
  • Rooted — Whether the device is reported to have been rooted by the Identity Provider
  • Managed — Whether the device is considered managed by the Identity Provider
  • Compliant — Whether the device is considered compliant by the Identity Provider

Note

Not all details may be available for a device as it is subject to what is provided by the Identity Provider. More details about Microsoft Entra ID devices can be found under Device Identity.

Device Details🔗

Select a device from the Devices view to open a dedicated details page listing retrieved device metadata and tabular views of Related Findings, Associated Identities, and more depending on the type of device.

Apps🔗

The Apps view provides a list of the Enterprise Applications registered within your Microsoft Entra ID tenant. Enterprise Applications are a type of service principal (non-human identity) that is the local representation, or application instance, of a global application object in a single tenant or directory. In this case, a service principal is a concrete instance created from the application object and inherits certain properties from that application object. A service principal is created in each tenant where the application is used and references the globally unique app object. The service principal object defines what the app can actually do in the specific tenant, who can access the app, and what resources the app can access.

See the Microsoft documentation for more information about Entra ID and their service principle objects.

App Details🔗

Select an app from the Apps view to open a dedicated details page listing retrieved metadata and tabular views of Related Findings and App Owners.