Device Security
Integrate Device Security with Microsoft Entra ID
Integrate Device Security through Cortex XSOAR with Microsoft Entra ID via Microsoft Intune.
    
| Where Can I Use This? | What Do I Need? |
|---|---|
| | One of the following subscriptions: One of the following Cortex XSOAR setups: |

Device Security integrates with Microsoft Entra ID (formerly Azure Active Directory) through Cortex XSOAR to learn about devices and device attributes stored as device identities. As an identity and access management solution, Microsoft Entra ID provides information about device enrollment status and user information, in addition to device attributes.
        
Integrating with Microsoft Entra ID requires having a Microsoft Intune license. Microsoft Intune provides the MAC addresses that Device Security uses to match assets from Microsoft Entra ID to the Device Security asset inventory. Microsoft Entra ID uses device identities to store device information, and Microsoft Intune helps facilitate the registration and enrollment of devices for access to internal resources. Device Security uses the information learned from Microsoft Entra ID and Microsoft Intune to enrich the asset inventory with new assets, additional asset attributes, and user enrollment information related to devices.
        
Through the integration, Device Security can learn the following device attributes from Microsoft Entra ID:
        
- Device name
- OS group
- OS version
- Ethernet address
- Wi-Fi MAC address
- Email address of the user registered to a device
- Microsoft Entra ID device ID
- Device enrollment type
- User principal name
- Model
- Manufacturer
- Serial number

When Device Security receives information for devices already in its inventory, it incorporates any additional information from Microsoft Entra ID into the data it previously gathered from network traffic and behavior analysis. For devices that are not already in the Device Security assets inventory, Device Security creates new entries with the data that Microsoft Entra ID provides.
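
The matching and enrichment flow described above, as an added Python example that is not Palo Alto Networks' or Cortex XSOAR's code: records are keyed by normalized MAC address, matched assets gain only the attributes they lack, and unmatched devices become new entries. The sample records are constructed; their field names follow the Microsoft Graph `managedDevice` resource, and the normalization and merge rules are assumptions.

```python
import re

# Constructed sample records; keys follow the Microsoft Graph managedDevice resource.
INTUNE_DEVICES = [
    {"deviceName": "LAB-PC-01", "operatingSystem": "Windows", "osVersion": "10.0.19045",
     "wiFiMacAddress": "A4B1C2D3E4F5", "ethernetMacAddress": "",
     "userPrincipalName": "alice@example.com", "serialNumber": "SN-0001"},
    {"deviceName": "TABLET-7", "operatingSystem": "iOS", "osVersion": "17.4",
     "wiFiMacAddress": "00-11-22-33-44-55", "ethernetMacAddress": None,
     "userPrincipalName": "bob@example.com", "serialNumber": "SN-0002"},
    {"deviceName": "NO-MAC", "operatingSystem": "Android", "osVersion": "14",
     "wiFiMacAddress": "", "ethernetMacAddress": "000000000000",
     "userPrincipalName": "carol@example.com", "serialNumber": "SN-0003"},
]

# Constructed inventory keyed by normalized MAC, standing in for assets
# already learned from network traffic.
INVENTORY = {"a4:b1:c2:d3:e4:f5": {"deviceName": "lab-pc-01", "profile": "Workstation"}}

def normalize_mac(value):
    """Return aa:bb:cc:dd:ee:ff, or None for empty, malformed or all-zero input."""
    digits = re.sub(r"[:.\-]", "", value or "").lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits) or digits == "0" * 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def merge(inventory, devices):
    """Enrich matched assets, create entries for unmatched ones, count skips."""
    stats = {"enriched": 0, "created": 0, "skipped": 0}
    for dev in devices:
        macs = [m for m in (normalize_mac(dev.get("ethernetMacAddress")),
                            normalize_mac(dev.get("wiFiMacAddress"))) if m]
        if not macs:
            stats["skipped"] += 1  # no usable MAC, so nothing to match on
            continue
        attrs = {k: v for k, v in dev.items() if v and "MacAddress" not in k}
        key = next((m for m in macs if m in inventory), None)
        if key:
            for name, val in attrs.items():
                inventory[key].setdefault(name, val)  # assumption: keep learned values
            stats["enriched"] += 1
        else:
            inventory[macs[0]] = attrs
            stats["created"] += 1
    return stats

if __name__ == "__main__":
    print(merge(INVENTORY, INTUNE_DEVICES), sorted(INVENTORY))
```

The skipped count is worth watching in practice: a device record with no usable MAC address cannot be matched to an inventory entry under this keying.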
        
Integrating with Microsoft Entra ID requires either a full-featured Cortex XSOAR™ server or the activation of a Device Security free cohosted Cortex XSOAR instance.
        
