Users
The Users page provides a list of enumerated users in entire Azure. The list contains the Enabled, On Prem Sync Enabled, Privileged, Tier 0, Risk Score ,Exposure Point and Issue Counts.
User Details
Details page contains the Risk Score of the user, Exposure Point,Information and Issues panes.
Information
Information Pane can contain different badges to highlight important attributes.
Privileged
Indicates that the object is Privileged.
Tier
Indicates that the object tier according to risk score and importance.
Enabled
Indicates that the object is enabled.
Disabled
Indicates that the object is disabled.
Stealth
Indicates that the object can compromise admin objects with at least one attack path.
Information Pane contains Details, Groups, Roles, Administrative Units.
Details
Details tab contains attributes below about user object.
Name
The user's primary email address or User Principal Name (UPN), used to log into Azure services.
First Name
The given name of the user as entered in their profile.
Last Name
The surname of the user as stored in their profile.
DisplayName
The full name of the user, commonly displayed in emails and directory listings.
The user's alternate or contact email address; may be empty if not configured.
User Principal Name
The unique sign-in name assigned to the user, typically in email address format.
Enabled
Indicates whether the user account is currently active and allowed to sign in.
When Created
The date and time when the user account was created in Azure AD.
Password Last Set
Shows the last time the user changed or was assigned a new password.
When Deleted
Indicates if and when the account was deleted; a blank value means the account is active.
Password Policies
Defines any specific password settings applied to the user, such as disabled password expiration.
SSPR Enabled
Indicates if self-service password reset is enabled for the user.
SSPR Registered
Shows whether the user has registered for self-service password reset.
SSPR Capable
Indicates if the user meets the requirements to use self-service password reset.
Passwordless Capable
Shows whether the user is eligible to sign in using passwordless methods like Windows Hello or FIDO2.
MFA Registered
Indicates whether the user has registered for multi-factor authentication (MFA).
MFA Methods Registered
Lists the MFA authentication methods configured by the user (e.g., phone, app, hardware key).
MFA Capable
Indicates whether the user is eligible to register for or use MFA.
Object ID
A globally unique identifier (GUID) assigned to the user object in Azure AD.
Title
The user’s job title or role, often used in organizational directories; blank if not set.
User Type
Defines the user's role in the directory—either "Member" (internal user) or "Guest" (external collaborator).
Usage Location
The country or region assigned to the user, used for licensing and compliance; blank if unset.
Parent Tenant
The name of the Azure AD tenant where the user account resides.
On Prem Sync Enabled
Shows if the user account is synchronized from an on-premises Active Directory.
On Prem SID
The user’s security identifier (SID) from the on-premises Active Directory.
On Prem Last Sync Date Time
The last date and time the user's on-premises account was synced to Azure AD.
Last Sign In Date Time
The most recent date and time the user successfully signed in; blank if no sign-ins have occurred.
Groups
Groups tab contains a list of groups that the user is a member of. This list also contains Enabled and On Prem Sync Enabled columns to identify the privilege levels of these groups.
Roles
Roles tab contains a list of roles that the user has a session on. This list also contains Enabled, and Built In columns to identify the whether role is enabled and is built in.
Administrative Units
Administrative Units tab contains a list of Administrative Unit Names that indicates which administrative unit member the user object belongs to.
Issues
Issues pane contains identified issues on the user object.
Last updated
Was this helpful?