# Users

The `Users` page lists the users enumerated across the entire Azure environment. The list contains the `Enabled`, `On Prem Sync Enabled`, `Privileged`, `Tier 0`, `Risk Score`, `Exposure Point` and `Issue Counts` columns.

<figure><img src="/files/Q1HBdEzsQ23H7McjznhO" alt=""><figcaption><p>Users</p></figcaption></figure>

## User Details

The Details page contains the `Risk Score` of the user, the `Exposure Point`, and the `Information` and `Issues` panes.

{% hint style="info" %}
You can analyze objects in the `Graph module` by clicking the `Visualize` button on the upper left side of the `Information Pane`.
{% endhint %}

<figure><img src="/files/axSQK42pE25PNuUm16ka" alt=""><figcaption><p>User Details</p></figcaption></figure>

## Information

The `Information Pane` can contain different badges to highlight important attributes.

| Badge          | Description                                                                           |
| -------------- | ------------------------------------------------------------------------------------- |
| **Privileged** | Indicates that the object is Privileged.                                              |
| **Tier**       | Indicates the object's tier according to risk score and importance.                   |
| **Enabled**    | Indicates that the object is enabled.                                                 |
| **Disabled**   | Indicates that the object is disabled.                                                |
| **Stealth**    | Indicates that the object can compromise admin objects with at least one attack path. |

The `Information Pane` contains the `Details`, `Groups`, `Roles` and `Administrative Units` tabs.

## Details

The Details tab contains the following attributes of the user object.

| Attribute                       | Description                                                                                                  |
| ------------------------------- | ------------------------------------------------------------------------------------------------------------ |
| Name                            | The user's primary email address or User Principal Name (UPN), used to log into Azure services.              |
| First Name                      | The given name of the user as entered in their profile.                                                      |
| Last Name                       | The surname of the user as stored in their profile.                                                          |
| DisplayName                     | The full name of the user, commonly displayed in emails and directory listings.                              |
| Email                           | The user's alternate or contact email address; may be empty if not configured.                               |
| User Principal Name             | The unique sign-in name assigned to the user, typically in email address format.                             |
| Enabled                         | Indicates whether the user account is currently active and allowed to sign in.                               |
| When Created                    | The date and time when the user account was created in Azure AD.                                             |
| Password Last Set               | Shows the last time the user changed or was assigned a new password.                                         |
| When Deleted                    | Indicates if and when the account was deleted; a blank value means the account is active.                    |
| Password Policies               | Defines any specific password settings applied to the user, such as disabled password expiration.            |
| SSPR Enabled                    | Indicates if self-service password reset is enabled for the user.                                            |
| SSPR Registered                 | Shows whether the user has registered for self-service password reset.                                       |
| SSPR Capable                    | Indicates if the user meets the requirements to use self-service password reset.                             |
| **Passwordless Capable**        | Shows whether the user is eligible to sign in using passwordless methods like Windows Hello or FIDO2.        |
| **MFA Registered**              | Indicates whether the user has registered for multi-factor authentication (MFA).                             |
| MFA Methods Registered          | Lists the MFA authentication methods configured by the user (e.g., phone, app, hardware key).                |
| MFA Capable                     | Indicates whether the user is eligible to register for or use MFA.                                           |
| **Object ID**                   | A globally unique identifier (GUID) assigned to the user object in Azure AD.                                 |
| Title                           | The user’s job title or role, often used in organizational directories; blank if not set.                    |
| **User Type**                   | Defines the user's role in the directory—either "Member" (internal user) or "Guest" (external collaborator). |
| **Usage Location**              | The country or region assigned to the user, used for licensing and compliance; blank if unset.               |
| Parent Tenant                   | The name of the Azure AD tenant where the user account resides.                                              |
| **On Prem Sync Enabled**        | Shows if the user account is synchronized from an on-premises Active Directory.                              |
| On Prem SID                     | The user’s security identifier (SID) from the on-premises Active Directory.                                  |
| **On Prem Last Sync Date Time** | The last date and time the user's on-premises account was synced to Azure AD.                                |
| Last Sign In Date Time          | The most recent date and time the user successfully signed in; blank if no sign-ins have occurred.           |

## Groups

The Groups tab contains a list of the groups that the user is a member of. This list also contains `Enabled` and `On Prem Sync Enabled` columns to identify the privilege levels of these groups.

<figure><img src="/files/eU1y2omQGzv7z11AokfQ" alt=""><figcaption><p>Groups</p></figcaption></figure>

## Roles

The Roles tab contains a list of roles that the user has a session on. This list also contains `Enabled` and `Built In` columns to identify whether each role is enabled and whether it is built in.

<figure><img src="/files/oO8rDhhmxraDcfi6mIvN" alt=""><figcaption><p>Roles</p></figcaption></figure>

## Administrative Units

The Administrative Units tab contains a list of `Administrative Unit Names` that indicates which administrative units the user object is a member of.

<figure><img src="/files/ThoQtUSo05iMxWwyJPXF" alt=""><figcaption><p>Administrative Units</p></figcaption></figure>

## Issues

The Issues pane contains the issues identified on the user object.

![Issues](/files/QJimlySRa7ipd6DuggAG)


