Role and Administrator Information Collection in the Cloud Identity Engine for Azure Active Directory

When you configure your Azure Active Directory in the Cloud Identity Engine, you can now enable the collection of role and administrator attributes. Allowing the Cloud Identity Engine to collect role and administrator attributes from your Azure Active Directory helps strengthen the security of your network by providing information that can help to prevent role-based attacks by malicious actors, such as privilege escalation and lateral movement.

Enabling the Collect Roles and Administrators (Administrative roles) option allows the Cloud Identity Engine to retrieve the roles assigned to users and groups based on the roleAssignments attribute. This directory information provides critical data to help enforce your identity-based Security policy consistently across devices in your network.

If you associate the Cloud Identity Engine with Cortex XDR, the Cloud Identity Engine automatically enables this option so that you can combine the security that Cortex XDR provides with the data collection capabilities of the Cloud Identity Engine to provide more robust security for your network. Including role and administrator information from your Azure directory presents a more comprehensive view of user identity and authorization, allowing the Cloud Identity Engine to work with Cortex XDR to improve the security posture of your network.