Device Security integrates with Microsoft Entra ID (formerly Azure Active Directory) through Cortex XSOAR to learn about devices and device attributes stored as device identities. As an identity and access management solution, Microsoft Entra ID provides information about device enrollment status and user information, in addition to device attributes.

Integrating with Microsoft Entra ID requires having a Microsoft Intune license. Microsoft Intune provides the MAC addresses that Device Security uses to match assets from Microsoft Entra ID to the Device Security asset inventory. Microsoft Entra ID uses device identities to store device information, and Microsoft Intune helps facilitate the registration and enrollment of devices for access to internal resources. Device Security uses the information learned from Microsoft Entra ID and Microsoft Intune to enrich the asset inventory with new assets, additional asset attributes, and user enrollment information related to devices.

Through the integration, Device Security can learn the following device attributes from Microsoft Entra ID:

When Device Security receives information for devices already in its inventory, it incorporates any additional information from Microsoft Entra ID into the data it previously gathered from network traffic and behavior analysis. For devices that are not already in the Device Security assets inventory, Device Security creates new entries with the data that Microsoft Entra ID provides.

Integrating with Microsoft Entra ID requires either a full-featured Cortex XSOAR server or the purchase and activation of an Device Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for Microsoft Entra ID. The advanced plan includes a license for all supported third-party integrations.