Integrate Device Security with Microsoft Entra ID
Focus
Focus
Device Security

Integrate Device Security with Microsoft Entra ID

Table of Contents

Integrate Device Security with Microsoft Entra ID

Integrate Device Security through Cortex XSOAR with Microsoft Entra ID via Microsoft Intune.
Where Can I Use This?What Do I Need?
  • Device Security (Managed by Strata Cloud Manager)
  • (Legacy) IoT Security (Standalone portal)
One of the following subscriptions:
  • Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical)
  • Device Security X subscription
One of the following Cortex XSOAR setups:
  • A free, cohosted, limited-featured Cortex XSOAR instance
  • A full-featured Cortex XSOAR server
Device Security integrates with Microsoft Entra ID (formerly Azure Active Directory) through Cortex XSOAR to learn about devices and device attributes stored as device identities. As an identity and access management solution, Microsoft Entra ID provides information about device enrollment status and user information, in addition to device attributes.
Integrating with Microsoft Entra ID requires having a Microsoft Intune license. Microsoft Intune provides the MAC addresses that Device Security uses to match assets from Microsoft Entra ID to the Device Security asset inventory. Microsoft Entra ID uses device identities to store device information, and Microsoft Intune helps facilitate the registration and enrollment of devices for access to internal resources. Device Security uses the information learned from Microsoft Entra ID and Microsoft Intune to enrich the asset inventory with new assets, additional asset attributes, and user enrollment information related to devices.
Through the integration, Device Security can learn the following device attributes from Microsoft Entra ID:
  • Device name
  • OS group
  • OS version
  • Ethernet address
  • Wi-Fi MAC address
  • Email address of the user registered to a device
  • Microsoft Entra ID device ID
  • Device enrollment type
  • User principal name
  • Model
  • Manufacturer
  • Serial number
When Device Security receives information for devices already in its inventory, it incorporates any additional information from Microsoft Entra ID into the data it previously gathered from network traffic and behavior analysis. For devices that are not already in the Device Security assets inventory, Device Security creates new entries with the data that Microsoft Entra ID provides.
Integrating with Microsoft Entra ID requires either a full-featured Cortex XSOAR server or the purchase and activation of an Device Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for Microsoft Entra ID. The advanced plan includes a license for all supported third-party integrations.