What are our most used device adapters and how are they used? (Part 1 - Active Directory & Endpoint Management)

Today, we are taking a deep dive into some of the most used device adapters that we see within the Axonius platform and how we use them. This first article covers the top 5 directory and endpoint management tools. As time progresses, we will be adding much of this information to the documentation portal, but this is a great way to get started!

In this article, we will be focusing on the following adapters:

  • Active Directory
  • Azure Active Directory
  • Okta
  • SCCM
  • Jamf Pro


Active Directory

What does the tool do?

Microsoft's Active Directory is a user and asset management system. Customers use it to provide authentication and authorization services for users, and access control to systems.

What use cases can the adapter solve?

Primarily, user and device enumeration is obtained from AD. This populates assets in Axonius and brings rich information about the respective assets, such as last logged-on user, Group / OU memberships, OS type, distribution, etc. Ultimately, these asset properties lead to informed decision-making. Typical uses include finding unmanaged Windows systems, with secondary purposes such as qualifying other categories of usage (for example, the deployment of agents on Windows systems), and discovering users with too many permissions or those who have not logged in for a certain period of time.

What data is retrieved?

The Active Directory adapter brings back 2 distinct asset classes: Devices and Users. Device fields include Hostname, Domain, OU, Trusts, Site, and Network information (interfaces, VLANs, IPs, MAC, etc.). User fields align with devices and include Account, Password, and Logon details (basically all AD objects relating to the account).

Do any enforcements exist? How can they help?

Using Axonius to provide visibility and searchability into AD brings the Enforcement Center to the fore. Here, devices can be 'decommissioned' or moved/segmented based on non-configuration criteria, and user accounts can be modified, enabled, or disabled.

 

Azure Active Directory

What does the tool do?

Azure Active Directory is an Identity and Access Management Service hosted within Microsoft’s Azure public cloud. It allows administrators to manage the provisioning of users, enterprise applications, and devices.

What use cases can the adapter solve?

Connecting Azure AD to Axonius allows you to gain visibility into all registered devices and users that are part of your Azure AD tenant. With this information you can evaluate devices that may be missing agents required for monitoring, devices missing from vulnerability assessment scopes, or evaluate permissions for your users, groups, or registered Azure applications.

What data is retrieved?

The Azure AD adapter is able to fetch a wide variety of user and device data, including usernames, group membership details, device ownership, user license details, login activity/risky user assessments, O365 activity, and more.

Do any enforcements exist? How can they help?

Axonius has a built-in enforcement for adding selected users/devices to an Azure AD group for further processing by administrators. Axonius users can also take advantage of on-premises Active Directory enforcements if they are running in a hybrid deployment model.

 

Okta

What does the tool do?

Okta is an Identity as a Service tool that can be used to provide a Single Sign-On solution to all of your organization's apps.

What use cases can the adapter solve?

The Okta adapter can fetch information regarding enrolled users and their registered applications and permissions. This can be used for access auditing or other related controls.

What data is retrieved?

The Okta adapter fetches information regarding users, their groups configured within Okta, application registrations, and information around what additional authentication factors may (or may not) be configured.

Do any enforcements exist? How can they help?

Axonius has built-in enforcement actions for enabling or disabling Okta users. This can help in cases where you want users to be disabled as a precaution or in the case of an internal policy violation.

 

Microsoft System Center Configuration Manager

What does the tool do?

Microsoft System Center Configuration Manager (SCCM) is a systems management software product for managing large groups of computers running Windows NT, Windows Embedded, macOS (OS X), Linux or UNIX, as well as Windows Phone, Symbian, iOS, and Android mobile operating systems.

What use cases can the adapter solve?

SCCM is a powerful endpoint management solution that provides a robust inventory of our managed devices in Axonius. Even more importantly, by combining SCCM with network/infrastructure data coming from additional adapters, we can identify unmanaged or even rogue devices on the network.

What data is retrieved?

Axonius will collect common device information such as IPs, hostname, MAC address, serial_number, etc. The adapter connects directly to the SCCM MSSQL database to pull additional device information such as installed software, patches, and collection data.

Do any enforcements exist? How can they help?

Axonius can add assets to SCCM collections directly in the Enforcement Center.

 

Jamf Pro

What does the tool do?

Jamf Pro is an enterprise mobility management (EMM) tool that provides unified endpoint management for Apple devices.

What use cases can the adapter solve?

Jamf Pro is a powerful endpoint management solution that provides a robust inventory of our managed Apple devices in Axonius. Even more importantly, by combining Jamf Pro with network/infrastructure data coming from additional adapters, we can identify unmanaged or even rogue devices on the network.
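The cross-source comparison described for SCCM and Jamf Pro above (and for finding unmanaged Windows systems from Active Directory data) can be illustrated with a short added example; this is not Axonius code or adapter output. The record fields, the source names, and the definitions of "managed", "unmanaged" and "rogue" are assumptions, and the sample inventories are constructed.

```python
import re

# Constructed sample inventories; field names are assumptions, not Axonius adapter output.
SOURCES = {
    "ad": [{"hostname": "WS-014.corp.example"}, {"hostname": "WS-022.corp.example"},
           {"hostname": "MBP-07.corp.example"}],
    "sccm": [{"hostname": "ws-014", "macs": ["00-11-22-AA-BB-01"]}],
    "jamf": [{"hostname": "mbp-07", "macs": ["00:11:22:aa:bb:07"]}],
    "network": [{"macs": ["0011.22aa.bb01"]},
                {"hostname": "ws-022", "macs": ["00:11:22:AA:BB:22"]},
                {"macs": ["de:ad:be:ef:00:99"]}],
}

def keys(rec):
    """Correlation keys: MACs normalised to 12 hex digits, plus the short hostname."""
    out = set()
    for mac in rec.get("macs", []):
        digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
        if len(digits) == 12:
            out.add(("mac", digits))
    if rec.get("hostname"):
        out.add(("host", rec["hostname"].split(".")[0].lower()))
    return out

def correlate(sources):
    """Merge records that share any key into one asset, remembering which sources saw it."""
    assets = []
    for name, records in sources.items():
        for rec in records:
            merged = {"keys": keys(rec), "sources": {name}}
            for hit in [a for a in assets if a["keys"] & merged["keys"]]:
                assets.remove(hit)
                merged["keys"] |= hit["keys"]
                merged["sources"] |= hit["sources"]
            assets.append(merged)
    return assets

def classify(asset, management=frozenset({"sccm", "jamf"}), directory=frozenset({"ad"})):
    """managed: seen by an endpoint manager; unmanaged: in the directory only; rogue: neither."""
    if asset["sources"] & management:
        return "managed"
    return "unmanaged" if asset["sources"] & directory else "rogue"

def report(sources):
    """Map each class to a sorted list of asset labels (hostname if known, else MAC)."""
    result = {"managed": [], "unmanaged": [], "rogue": []}
    for asset in correlate(sources):
        # ("host", x) sorts before ("mac", x), so a hostname wins when one is known.
        label = min(asset["keys"])[1] if asset["keys"] else "<no identifier>"
        result[classify(asset)].append(label)
    return {cls: sorted(labels) for cls, labels in result.items()}

if __name__ == "__main__":
    print(report(SOURCES))
```

Matching on short hostname alone can merge two different machines that share a name, so a MAC or serial number match is the stronger signal when both are available.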

What data is retrieved?

Axonius will collect common device information such as IPs, hostname, MAC address, serial_number, etc. It will also collect information unique to Jamf such as device policies, profiles, and groups. The adapter can be configured to collect additional information, such as user data and even mobile devices.

Do any enforcements exist? How can they help?

With CrowdStrike or another endpoint protection adapter configured, Axonius can add devices to Jamf Pro computer groups directly in the Enforcement Center.

 
