Block 64 continues to add to our discovery capabilities. Historically, Active Directory has been used a benchmarking tool during discovery. By pulling back the data from a customer’s Active Directory, Block 64 is able to have an initial list of devices that we would expect to be a part of the inventory. By cross-referencing Active Directory with what has been discovered we can understand what percentage of the environment has been scanned, and proactively discover where there may be issues that require troubleshooting.
These capabilities have now been expanded to include Microsoft Entra ID. Microsoft Entra ID has seen an increased market presence and so being able to discover Microsoft Entra ID is an important addition to Block 64’s discovery capabilities.
This Article will outline how to add Microsoft Entra ID to your discovery and some things to note when using Microsoft Entra ID as a benchmark.
How to add Microsoft Entra ID
Microsoft Entra ID is currently discoverable via the Block 64 Application. After installing the application and confirming your email address, users can select either a Simple or Custom deployment.
A simple deployment is used when entering the most common requirements for discovery. Typically this will be a list of IP subnet ranges in scope for discovery, windows credentials, a domain controller, and a customer's Microsoft 365 credentials. For many customers, Microsoft Entra ID Credentials are the same as their Microsoft 365 credentials. Clicking the use same credentials to authenticate Microsoft Entra ID check box will enable both credentials to be authenticated using the same account.
If you have two separate sets of credentials, completing a custom deployment should be used instead. While completing the custom deployment, additional credentials can be entered as required.
If after the initial configuration if you would like to add more credentials into scope, clicking on setting and then credentials can enable you to add in and reauthenticate any additional credentials needed.
If an Microsoft Entra ID was added into scope, there are a few things to note when interpreting the data. First, Microsoft Entra IDs are known to have a larger variety of device types in them when compared to a traditional Active Directory. For example, we would expect to see Mobile Devices included in an Microsoft Entra ID, but not in a traditional Microsoft Entra ID. Since Active Directories are used to benchmark the completion percentage, the additional devices could affect the overall completion. The Windows application currently has discovery capabilities for both Windows and Linux devices so filtering to focus on them is recommended.
When viewing the completion chart on the Block 64 discovery application, the count of discovered devices will represent the potentially discoverable devices of Microsoft Entra ID, AD, or both. Drilling down to Microsoft Entra ID is also an option on the Block 64 application. By clicking on device or ad counts, a user can see all devices found in an Microsoft Entra ID
In the Combine, Microsoft Entra ID data can be viewed in the Active Directory section. Since Microsoft Entra ID is showing Active Directory data, it makes sense for the view to be aggregated there. Similarly to the Discovery Application, data shown in this section can make up data from Active Directory, Microsoft Entra ID, or both.