Skip to main content

Recommended Configurations for Entra ID Job Group

The Entra ID Solution has been configured to inherit down from the job group Settings node. The host list must be assigned and the Connection Profile configured before job execution. Once these are assigned to the job group, it can be run directly or scheduled.

Dependencies

Running the .Entra ID Inventory Job Group provides essential data to the Entra ID Solution.

Running the .Active Directory Inventory Job Group is required to collect on-premises directory syncing information. See the .Active Directory Inventory Solution topic for additional information.

Targeted Hosts

The Entra ID Solution does not require a target host because the jobs use data collected from the .Entra ID Inventory Job Group and the .Active Directory Inventory Job Group. However, Enterprise Auditor jobs do not execute successfully without a host list assigned. Assign the host list under the Entra ID > Settings > Host Lists Assignment node. Check the Local host box and click Save.

Connection Profile

Since the Entra ID Solution is not collecting any data, a specific connection profile is not necessary. Therefore, the default setting Use the Default Profile is sufficient for this solution.

Schedule Frequency

Schedule the Entra ID Job Group to run on a preferred schedule.

Optional Configuration

The Entra ID Solution receives user and group membership information from the .Entra ID Inventory Solution. Information received includes manager, email addresses, and direct membership. Customize within the .Entra ID Inventory > 2-AAD_Exceptions Job's Deeply Nested Groups and Large Groups analysis tasks.

See the .Entra ID Inventory Solution topic for additional information.

Workflow

The following is the recommended workflow:

Step 1 – Assign the Local host at the solution level as described above.

Step 2 – Run the .Entra ID Inventory Job Group. If on-premises directory syncing information is desired, run the .Active Directory Inventory Job Group.

Step 3 – Schedule the solution to run as desired with consideration to the run schedules of the solutions collecting data.

Step 4 – Review the reports generated by the jobs.

Recommended Configurations for the .Entra ID Inventory Job Group

The .Entra ID Inventory Solution is configured to inherit settings from the Global Settings node. The host list and connection profile must be assigned before job execution. Once these are assigned to the job group, it can be run directly or scheduled.

Dependencies

This job group does not have dependencies.

Targeted Hosts

All Microsoft Entra Tenants.

Connection Profile

The Connection Profile is assigned under .Entra ID Inventory > Settings > Connection. It is set to Use the Default Profile, as configured at the global Settings level. However, if this is not the Connection Profile with the necessary permissions for targeting the Microsoft Entra tenants, select the Select one of the following user defined profiles option and select the appropriate Connection Profile. See the Microsoft Entra ID Connection Profile & Host List topic for information.

History Retention

Not supported.

Multi-Console Support

Not supported.

Schedule Frequency

RECOMMENDED: Schedule the .Entra ID Inventory job group to run once a day. If there are frequent Microsoft Entra ID changes within the target environment, then it can be executed more often. It is best to rerun it anytime Entra ID changes might have occurred.

Run at the Solution Level

The jobs in the .Entra ID Inventory Job Group should be run together and in order by running the entire solution, instead of the individual jobs.

Query Configuration

Run the solution with the default query configuration for best results. While it is recommended to make no changes to the 1-AAD_Scan Job, a possible modification might be to scope the query to not collect login activity.

Analysis Configuration

Run the solution with the default analysis configuration for best results. However, a possible modification might be to customize exception analysis parameters within the 2-AAD_Exceptions Job.

Workflow

The following is the recommended workflow:

Step 1 – Configure and assign the host list and Connection Profile.

Step 2 – Schedule the .Entra ID Inventory job group to run as desired.

Step 3 – Review the reports generated by the .Entra ID Inventory Job Group.