This article explains the multiple tenant-wide configurations supported by BloodHound Enterprise. The configurations can be changed by a BloodHound Administrator in ⚙️ > Administration > BloodHound Configuration.
When enabled, BloodHound Enterprise will perform data reconciliation and retention. The configuration also allows for the changing of the default retention time. See Data reconciliation and retention.
When enabled, BloodHound Enterprise will enforce expiration of API keys based on a configured rotation period. This configuration applies to personal API tokens, non-personal API tokens, and collector client API tokens. See API key expiration.
When enabled, BloodHound Enterprise will prevent false-positive CanRDP findings for Citrix VDAs.This configuration adds to the CanRDP edge conditions that a non-administrative principal must also be a member of the computer’s local “Direct Access Users” group, which Citrix created to allow non-brokered access to VDAs.