Microsoft Entra ID Integrated Into Query to Enrich Federated Search

Query, Apr 10, 2024

Microsoft Entra ID (formerly Azure AD) & Active Directory

Query’s integration with Microsoft Entra ID (formerly Azure AD) & Active Directory, built on Query’s integration with Microsoft’s Graph API, allows analysts to do the following:

  • Retrieve user directory information stored in the user profile, such as email and principal name
  • Retrieve domain information, such as the description and directory groups

For example, the analyst could obtain the following context:

To integrate Microsoft Entra ID (formerly Azure AD), see the integration documentation here.

The integration normalizes data pulled from Microsoft Entra ID, via the Graph API, into Query’s OCSF-based QDM (Query Data Model), which then enables cross-platform joins, compounding the analyst’s ability to investigate. Query normalizes Microsoft Intune data into QDM User and Device objects, and Authentication events. Analysts can see key attributes like hostname, Active Directory group names, domains assigned, and other directory information in the QDM device, security finding, and observables objects.

With the federated join capabilities, the analyst can now see context on that entity pulled from additional data sources Query is integrated with.

Based upon additional integrations in your environment, Query can show you:

Originally published at https://www.query.ai on April 10, 2024.

Query is a federated search platform for security data providing expanded data visibility without centralization.