Integrate Device Security with Microsoft SCCM
Focus
Focus
Device Security

Integrate Device Security with Microsoft SCCM

Table of Contents

Integrate Device Security with Microsoft SCCM

Integrate with Microsoft SCCM to import device attributes into the Device Security inventory.
Where Can I Use This?What Do I Need?
  • Device Security (Managed by Strata Cloud Manager)
  • (Legacy) IoT Security (Standalone portal)
One of the following subscriptions:
  • Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical)
  • Device Security X subscription
One of the following Cortex XSOAR setups:
  • A free, cohosted, limited-featured Cortex XSOAR instance
    AND
    A Cortex XSOAR Engine (on-premises integration)
  • A full-featured Cortex XSOAR server
Microsoft System Center Configuration Manager (SCCM) is a suite of management solutions for user and device management. By integrating it with Device Security, you can import device attributes from SCCM into Device Security for devices in its inventory.
Import the following device attributes from SCCM for devices in the Device Security inventory:
  • MAC address (Device Security links data from SCCM to devices by MAC address.)
  • IP address
  • Serial number
  • Model
  • Vendor
  • Disk encryption status
  • Windows installed patches
  • Windows unique identifier
  • SCCM site name
  • SCCM domain name
The attributes that Device Security imports from SCCM are supplementary. If Device Security has already discovered values for the IP address, serial number, model, and vendor of a device, it doesn’t overwrite them with values from SCCM. It only imports attributes for fields for which it doesn’t yet have a value. You can see the IP address, serial number, vendor, and model on the Devices page and all imported attributes on the Device Details page.
Device Security can import device attributes from the SCCM SQL server for one or more SQL databases, which is sometimes necessary for large deployments spanning multiple locations. In these cases, you create one Cortex XSOAR integration instance and job for each database.
Integrating with Microsoft SCCM requires either a full-featured Cortex XSOAR server or the purchase and activation of an Device Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for this. The advanced plan includes a license for all supported third-party integrations.