Block 64 continues to add to our discovery capabilities. Historically, Active Directory has been used as a benchmarking tool during discovery. By pulling back the data from a customer’s Active Directory, Block 64 is able to have an initial list of devices that we would expect to be a part of the inventory. By cross-referencing Active Directory with what has been discovered, we can understand what percentage of the environment has been scanned and proactively discover where there may be issues that require troubleshooting.
These capabilities have now been expanded to include Azure Active Directory. Azure Active Directory has seen an increased market presence, so being able to discover it is an important addition to Block 64’s discovery capabilities.
This article will outline how to add Azure Active Directory to your discovery and some things to note when using Azure Active Directory as a benchmark.
How to add Azure Active Directory
Azure Active Directory is currently discoverable via the Block 64 Application. After installing the application and confirming your email address, users can select either a Simple or Custom deployment.
A simple deployment is used when entering the most common requirements for discovery. Typically this will be a list of IP subnet ranges in scope for discovery, Windows credentials, a domain controller, and a customer's Microsoft 365 credentials. For many customers, Azure Active Directory credentials are the same as their Microsoft 365 credentials. Selecting the "use same credentials to authenticate Azure AD" check box will enable both to be authenticated using the same account.
If you have two separate sets of credentials, a custom deployment should be used instead. While completing the custom deployment, additional credentials can be entered as required.
If, after the initial configuration, you would like to add more credentials into scope, clicking on setting and then credentials lets you add and reauthenticate any additional credentials needed.
Reporting
If an Azure Active Directory was added into scope, there are a few things to note when interpreting the data. First, Azure Active Directories are known to have a larger variety of device types in them when compared to a traditional Active Directory. For example, we would expect to see mobile devices included in an Azure Active Directory, but not in a traditional Active Directory. Since Active Directories are used to benchmark the completion percentage, the additional devices could affect the overall completion. The Windows application currently has discovery capabilities for both Windows and Linux devices, so filtering to focus on those device types is recommended.
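The effect of the extra device types on the completion percentage can be worked through with a small script. This is an added example, not Block 64's code or export format: the record layout, host names, and the `benchmark` and `host_key` helpers are assumptions, and the sample data is constructed.

```python
# Constructed sample data; the record layout is an assumption, not Block 64's format.
DIRECTORY = [
    {"name": "WS-001.corp.example", "os": "Windows 10", "source": "AD"},
    {"name": "ws-001", "os": "Windows", "source": "AzureAD"},  # same host in both directories
    {"name": "SRV-DB01", "os": "Windows Server 2019", "source": "AD"},
    {"name": "lnx-web01", "os": "Linux", "source": "AzureAD"},
    {"name": "WS-002", "os": "Windows", "source": "AzureAD"},
    {"name": "iPhone-jdoe", "os": "iOS", "source": "AzureAD"},
    {"name": "Pixel-asmith", "os": "Android", "source": "AzureAD"},
    {"name": "MacBook-lee", "os": "MacOS", "source": "AzureAD"},
]
# Constructed list of hosts the scan actually reached.
DISCOVERED = ["ws-001", "srv-db01.corp.example", "LNX-WEB01"]

SCANNABLE = ("windows", "linux")  # device types the scanner can discover


def host_key(name):
    """Normalize to a short lowercase hostname so AD and Azure AD entries match."""
    return name.strip().lower().split(".")[0]


def benchmark(directory, discovered, os_prefixes=None):
    """Cross-reference directory devices with discovered hosts.

    Devices listed in both AD and Azure AD are counted once. When
    os_prefixes is given, only devices whose OS starts with one of the
    prefixes are treated as expected inventory.
    """
    expected = {}
    for dev in directory:
        if os_prefixes and not dev["os"].lower().startswith(os_prefixes):
            continue
        expected.setdefault(host_key(dev["name"]), set()).add(dev["source"])
    found = {host_key(n) for n in discovered}
    matched = sorted(set(expected) & found)
    missing = sorted(set(expected) - found)
    pct = round(100 * len(matched) / len(expected), 1) if expected else 0.0
    return {"expected": len(expected), "matched": matched,
            "missing": missing, "percent": pct, "sources": expected}


if __name__ == "__main__":
    for label, flt in (("all device types", None), ("Windows/Linux only", SCANNABLE)):
        r = benchmark(DIRECTORY, DISCOVERED, flt)
        print(f"{label}: {len(r['matched'])}/{r['expected']} = {r['percent']}%, missing {r['missing']}")
```

With the filter applied, the hosts left in `missing` are the ones worth troubleshooting, rather than phones and other devices the scan was never going to reach.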
When viewing the completion chart on the Block 64 discovery application, the count of discovered devices will represent the potentially discoverable devices of Azure AD, AD, or both. Drilling down to Azure Active Directory is also an option on the Block 64 application. By clicking on device or AD counts, a user can see all devices found in an Azure AD.
In the Combine, Azure Active Directory data can be viewed in the Active Directory section. Since Azure Active Directory is showing Active Directory data, it makes sense for the view to be aggregated there. As in the Discovery Application, the data shown in this section can be made up of data from Active Directory, Azure Active Directory, or both.