Privileged Entity Definitions
Tenable Identity Exposure uses the concept of "privileged" entities in various Indicators of Exposure, Indicators of Attack, and other features. The definition of privileged entities differs between Active Directory and Entra ID:
Active Directory
Privileged entities may encompass privileged users, privileged computer accounts, privileged service accounts, privileged groups, privileged security principals, etc. Privileged entities include the (Local) System user and all direct or indirect (transitive) members of the following natively privileged groups, which are identified internally by their well-known RID/SID, regardless of their names.
- Account Operators
- Administrators
- Backup Operators
- Cert Publishers
- Domain Admins
- Domain Controllers
- Enterprise Admins
- Enterprise Domain Controllers
- Enterprise Key Admins
- Enterprise Read-Only Domain Controllers
- Group Policy Creator Owners
- Key Admins
- Print Operators
- Read-Only Domain Controllers
- Replicators
- Schema Admins
- Server Operators
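The following is an added example, not Tenable's code, showing how the Active Directory definition above can be evaluated from a directory snapshot: groups are matched by their well-known builtin SID or domain RID rather than by name (so a renamed "Domain Admins" group is still recognised), and membership is followed transitively. The directory objects, distinguished names and the domain SID are constructed sample data; the SID/RID table reflects the standard well-known values for the groups listed.

```python
"""Resolve Active Directory privileged entities by well-known SID/RID.

Added example (not Tenable's code). It assumes a constructed, in-memory
snapshot of directory objects shaped like LDAP results: each object has a
distinguishedName key, an objectSid string and, for groups, a list of
member DNs. The domain SID used below is a constructed placeholder.
"""
from collections import deque
from typing import Dict, Optional, Set

# Builtin groups carry fixed SIDs under S-1-5-32; domain groups carry a
# fixed RID appended to the domain SID. Group names play no part in matching.
BUILTIN_PRIVILEGED_SIDS = {
    "S-1-5-32-544": "Administrators",
    "S-1-5-32-548": "Account Operators",
    "S-1-5-32-549": "Server Operators",
    "S-1-5-32-550": "Print Operators",
    "S-1-5-32-551": "Backup Operators",
    "S-1-5-32-552": "Replicators",
}
DOMAIN_PRIVILEGED_RIDS = {
    498: "Enterprise Read-Only Domain Controllers",
    512: "Domain Admins",
    516: "Domain Controllers",
    517: "Cert Publishers",
    518: "Schema Admins",
    519: "Enterprise Admins",
    520: "Group Policy Creator Owners",
    521: "Read-Only Domain Controllers",
    526: "Key Admins",
    527: "Enterprise Key Admins",
}
# Well-known SIDs that are not group objects but count as privileged.
WELL_KNOWN_PRIVILEGED_SIDS = {
    "S-1-5-9": "Enterprise Domain Controllers",
    "S-1-5-18": "Local System",
}


def privileged_group_name(sid: str, domain_sid: str) -> Optional[str]:
    """Return the canonical privileged-group name for a SID, or None."""
    if sid in BUILTIN_PRIVILEGED_SIDS:
        return BUILTIN_PRIVILEGED_SIDS[sid]
    if sid in WELL_KNOWN_PRIVILEGED_SIDS:
        return WELL_KNOWN_PRIVILEGED_SIDS[sid]
    if sid.startswith(domain_sid + "-"):
        rid = int(sid.rsplit("-", 1)[1])
        return DOMAIN_PRIVILEGED_RIDS.get(rid)
    return None


def privileged_entities(objects: Dict[str, dict], domain_sid: str) -> Dict[str, Set[str]]:
    """Map each privileged DN to the privileged group(s) it derives from.

    objects: {dn: {"sid": str, "members": [dn, ...]}}. Membership is followed
    transitively; nested or circular group membership is tolerated.
    """
    result: Dict[str, Set[str]] = {}
    for dn, obj in objects.items():
        name = privileged_group_name(obj["sid"], domain_sid)
        if name is None:
            continue
        # The group itself is privileged, and so is everything it transitively contains.
        result.setdefault(dn, set()).add(name)
        queue = deque(obj.get("members", []))
        seen = {dn}
        while queue:
            member_dn = queue.popleft()
            if member_dn in seen:
                continue
            seen.add(member_dn)
            result.setdefault(member_dn, set()).add(name)
            queue.extend(objects.get(member_dn, {}).get("members", []))
    return result


# Constructed sample snapshot (placeholder domain SID and DNs).
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_DIRECTORY = {
    # "Domain Admins" renamed by an admin: still RID 512, so still privileged.
    "CN=Ops-Core,CN=Users,DC=corp,DC=example": {
        "sid": DOMAIN_SID + "-512",
        "members": ["CN=Tier0 Ops,OU=Groups,DC=corp,DC=example"]},
    "CN=Tier0 Ops,OU=Groups,DC=corp,DC=example": {
        "sid": DOMAIN_SID + "-1105",
        "members": ["CN=alice,OU=People,DC=corp,DC=example"]},
    "CN=alice,OU=People,DC=corp,DC=example": {"sid": DOMAIN_SID + "-1106"},
    "CN=Administrators,CN=Builtin,DC=corp,DC=example": {
        "sid": "S-1-5-32-544",
        "members": ["CN=Ops-Core,CN=Users,DC=corp,DC=example",
                    "CN=bob,OU=People,DC=corp,DC=example"]},
    "CN=bob,OU=People,DC=corp,DC=example": {"sid": DOMAIN_SID + "-1107"},
    "CN=Helpdesk,OU=Groups,DC=corp,DC=example": {
        "sid": DOMAIN_SID + "-1108",
        "members": ["CN=carol,OU=People,DC=corp,DC=example"]},
    "CN=carol,OU=People,DC=corp,DC=example": {"sid": DOMAIN_SID + "-1109"},
}

if __name__ == "__main__":
    for dn, via in sorted(privileged_entities(SAMPLE_DIRECTORY, DOMAIN_SID).items()):
        print(f"{dn}: privileged via {', '.join(sorted(via))}")
```

In the sample, alice is never a direct member of any well-known group, yet she is reported as privileged via both Domain Admins (through Tier0 Ops and the renamed RID-512 group) and Administrators (because the RID-512 group is itself a member of Builtin Administrators); carol, reachable only through a non-privileged group, is not reported.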
Entra ID
- A privileged entitlement or permission is one identified as such by Microsoft.
- A privileged role is an Entra role containing at least one privileged permission as defined by Microsoft.
- Privileged entities (users, groups, or service principals) are those assigned directly or indirectly (transitively via a role-assignable group) to any privileged Entra role.
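The following is an added example, not Tenable's or Microsoft's code, applying the three Entra ID definitions above in order: a role is privileged when any of its permissions is privileged, and a principal is privileged when it holds a privileged role directly or through a role-assignable group. The role definitions, the set of permissions treated as privileged, the principal ids and the group memberships are constructed sample data; in a real tenant the privileged flag on each permission comes from Microsoft's role definitions.

```python
"""Derive Entra ID privileged roles and privileged entities.

Added example (not Tenable's or Microsoft's code). All role definitions,
permission strings, principal ids and group memberships below are
constructed sample data standing in for what a tenant export would contain.
"""
from collections import deque
from typing import Dict, Iterable, List, Set


def privileged_roles(role_definitions: Dict[str, Iterable[str]],
                     privileged_permissions: Set[str]) -> Set[str]:
    """A role is privileged if at least one of its permissions is privileged."""
    return {role for role, perms in role_definitions.items()
            if any(p in privileged_permissions for p in perms)}


def privileged_entities(role_assignments: Dict[str, List[str]],
                        groups: Dict[str, dict],
                        privileged_role_set: Set[str]) -> Dict[str, Set[str]]:
    """Map principal id -> privileged roles held directly or via group membership.

    role_assignments: {principal_id: [role names]}; groups: {group_id:
    {"isAssignableToRole": bool, "members": [principal ids]}}. Only a
    role-assignable group propagates its roles to its members; membership is
    followed transitively so nested groups are covered too.
    """
    result: Dict[str, Set[str]] = {}
    for principal, roles in role_assignments.items():
        held = {r for r in roles if r in privileged_role_set}
        if not held:
            continue
        queue = deque([principal])
        seen: Set[str] = set()
        while queue:
            pid = queue.popleft()
            if pid in seen:
                continue
            seen.add(pid)
            result.setdefault(pid, set()).update(held)
            group = groups.get(pid)
            if group is not None and group.get("isAssignableToRole", False):
                queue.extend(group.get("members", []))
    return result


# Constructed sample tenant data.
SAMPLE_PRIVILEGED_PERMISSIONS = {
    "microsoft.directory/users/password/update",
    "microsoft.directory/applications/credentials/update",
}
SAMPLE_ROLE_DEFINITIONS = {
    "Global Administrator": ["microsoft.directory/users/password/update",
                             "microsoft.directory/applications/credentials/update"],
    "User Administrator": ["microsoft.directory/users/basic/update",
                           "microsoft.directory/users/password/update"],
    "Reports Reader": ["microsoft.directory/auditLogs/allProperties/read"],
}
SAMPLE_ROLE_ASSIGNMENTS = {
    "grp-identity-admins": ["User Administrator"],
    "user-dana": ["Reports Reader"],
    "sp-ci-bot": ["Global Administrator"],
}
SAMPLE_GROUPS = {
    "grp-identity-admins": {"isAssignableToRole": True,
                            "members": ["user-erin", "user-frank"]},
    "grp-readers": {"isAssignableToRole": False, "members": ["user-dana"]},
}


def sample_report() -> Dict[str, Set[str]]:
    """Run the derivation end to end over the constructed sample tenant."""
    roles = privileged_roles(SAMPLE_ROLE_DEFINITIONS, SAMPLE_PRIVILEGED_PERMISSIONS)
    return privileged_entities(SAMPLE_ROLE_ASSIGNMENTS, SAMPLE_GROUPS, roles)


if __name__ == "__main__":
    for pid, roles in sorted(sample_report().items()):
        print(f"{pid}: {', '.join(sorted(roles))}")
```

With this sample, Reports Reader carries no privileged permission and so user-dana is not reported, while user-erin and user-frank are reported as privileged although neither holds a role directly, because their role-assignable group holds User Administrator.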