Skip to main content

Recommended Configurations for the .Entra ID Inventory Job Group

The .Entra ID Inventory Solution is configured to inherit settings from the Global Settings node. The host list and connection profile must be assigned before job execution. Once these are assigned to the job group, it can be run directly or scheduled.

Dependencies

This job group does not have dependencies.

Targeted Hosts

All Microsoft Entra Tenants.

Connection Profile

The Connection Profile is assigned under .Entra ID Inventory > Settings > Connection. It is set to Use the Default Profile, as configured at the global Settings level. However, if this is not the Connection Profile with the necessary permissions for targeting the Microsoft Entra tenants, select the Select one of the following user defined profiles option and select the appropriate Connection Profile. See the Microsoft Entra ID Connection Profile & Host List topic for information.

History Retention

Not supported.

Multi-Console Support

Not supported.

Schedule Frequency

RECOMMENDED: Schedule the .Entra ID Inventory job group to run once a day. If there are frequent Microsoft Entra ID changes within the target environment, then it can be executed more often. It is best to rerun it anytime Entra ID changes might have occurred.

Run at the Solution Level

The jobs in the .Entra ID Inventory Job Group should be run together and in order by running the entire solution, instead of the individual jobs.

Query Configuration

Run the solution with the default query configuration for best results. While it is recommended to make no changes to the 1-AAD_Scan Job, a possible modification might be to scope the query to not collect login activity.

Analysis Configuration

Run the solution with the default analysis configuration for best results. However, a possible modification might be to customize exception analysis parameters within the 2-AAD_Exceptions Job.

Workflow

The following is the recommended workflow:

Step 1 – Configure and assign the host list and Connection Profile.

Step 2 – Schedule the .Entra ID Inventory job group to run as desired.

Step 3 – Review the reports generated by the .Entra ID Inventory Job Group.