Microsoft Entra ID (Azure AD) and Microsoft Intune
Overview
Microsoft Entra ID (Azure AD) and Microsoft Intune are cloud-based Identity and Access Management (IAM) services providing secure authentication, Single Sign-On (SSO), Multi-Factor Authentication (MFA), and access control to Microsoft 365, Azure services, and enterprise applications. Entra ID helps organizations manage users, groups, devices, and application access while enabling security features like conditional access and identity protection.
Use cases the adapter solves
Connecting Microsoft Entra ID and Intune to Axonius allows you to gain full visibility into users, devices, groups, and applications in your environment. Using this adapter, you can:
- Identify devices missing required security or monitoring agents.
- Detect devices excluded from vulnerability assessments.
- Evaluate user and group permissions.
- Analyze application permissions and configuration data.
- Monitor identity, device, and application activity for compliance and security purposes.
Types of Assets Fetched
- Devices
- Users
- Software
- Application Extensions
- Admin Managed Extensions
- User Initiated Extensions
- Application Add-On
- Roles
- Groups
- Licenses
- Application Settings
- Application Extension Instances
- Admin Managed Extension Instances
- User Initiated Extension Instances
- Application Add-On Instances
- Application Keys
- Activities
- SaaS Applications
- Organizational Units
- Accounts/Tenants
- Secrets
- Certificates
- Permissions
- Configurations
Data Retrieved from Microsoft Entra ID (Azure AD) and Microsoft Intune
- Devices: Device name, ID, join type (hybrid/Azure), compliance status, OS details, last sign-in, BitLocker config (Windows), owner attributes, mobile device management data.
- Users: UPN, display name, email, group/role memberships, licenses, sign-in activity, authentication methods, manager info, photo (optional), custom attributes, mailbox usage.
- Groups: Group metadata, memberships, types (security/dynamic), assigned licenses.
- Software and Extensions: Installed applications, browser extensions, custom security attributes.
- Configurations and Permissions: Conditional Access policies, roles/assignments, audit logs, application settings, service principal details.
- General Fields: Last sign-in timestamp, activity logs, real-time updates (if enabled).
Note:
- Last Seen is based on sign-in or status change timestamps.
- Custom attributes are fetched via beta APIs (if enabled).
- SaaS data includes user extensions and audit logs for compliance tracking.
Before You Begin
Authentication Methods
The adapter can be connected using one of the following authentication methods:
- Enterprise Application (Client ID / Client Secret) – Recommended for standard connections.
- Enterprise Application (Certificate) – Recommended for certificate-based authentication.
- OAuth – Supports delegated access and user approval flows.
- Username / Password – Only for fetching SaaS application data.
Required Permissions
- Cyber Administrator
- Device Manager
- Device.Read.All
- User.Read.All
- Directory.Read.All
- Application.Read.All
- AuditLog.Read.All
More Information About This Adapter
