Entra ID (Azure AD) Integration

PDQ Connect can integrate with Microsoft Entra ID (previously named Azure Active Directory) to further aid in managing the devices present in Connect and to identify Entra ID devices that are missing the Connect agent.

Connecting a Tenant

Connect automatically identifies Entra ID tenants by running the following command on devices during a scan.

Dsregcmd /status

Any tenants identified this way are then listed on the "Entra ID integration" page in Connect's settings, located in the lower left-hand corner of the console.
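To see which tenant a device would report before you approve access, the following added example (not PDQ Connect's own code) parses dsregcmd /status output. The function name, the sample output and the expected tenant ID are assumptions made for illustration; the field names are the ones dsregcmd prints.

```powershell
# Added example, not PDQ Connect code: parse the "Key : Value" lines printed by
# dsregcmd /status and return the join state and tenant identity of a device.
function ConvertFrom-DsregStatus {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        # Banner lines ("+----+", "| Tenant Details |") do not match and are skipped.
        if ($line -match '^\s*(?<key>[A-Za-z][\w ]*?)\s+:\s+(?<value>.*\S)\s*$') {
            # Keep the first occurrence of each key.
            if (-not $fields.ContainsKey($Matches['key'])) {
                $fields[$Matches['key']] = $Matches['value']
            }
        }
    }
    [pscustomobject]@{
        AzureAdJoined = ($fields['AzureAdJoined'] -eq 'YES')
        DomainJoined  = ($fields['DomainJoined'] -eq 'YES')
        TenantName    = $fields['TenantName']
        TenantId      = $fields['TenantId']
        DeviceId      = $fields['DeviceId']
    }
}

# Constructed sample output with placeholder GUIDs. On a real device, pass the
# live output instead: ConvertFrom-DsregStatus -Lines (dsregcmd /status)
$sample = @'
+------------------+
| Device State     |
+------------------+

     AzureAdJoined : YES
      DomainJoined : NO

| Device Details   |

          DeviceId : 00000000-0000-0000-0000-000000000001

| Tenant Details   |

        TenantName : Example Tenant
          TenantId : 00000000-0000-0000-0000-0000000000aa
'@ -split '\r?\n'

$status = ConvertFrom-DsregStatus -Lines $sample
# Hypothetical value: the ID of the tenant you intend to approve in Connect.
$expectedTenantId = '00000000-0000-0000-0000-0000000000aa'
if ($status.AzureAdJoined -and $status.TenantId -eq $expectedTenantId) {
    "Device $($status.DeviceId) reports expected tenant '$($status.TenantName)'"
} else { Write-Warning "Unexpected or missing tenant: '$($status.TenantId)'" }
```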

Entra ID scan information won't populate for a device until access is allowed. Selecting the "Allow access" button brings up a Microsoft authentication window where an Entra ID global admin, or an account with the necessary permissions, can authenticate and grant approval. If you don't have these permissions, you'll be met with a message to that effect.

Device Comparison

Once access has been allowed, you'll see a "Download device comparison" button on the same settings page.

This will download a CSV of Windows machines registered in Entra that do not yet have the PDQ Connect agent installed. There's no automated way to install the agent at this point, but you may reference this list when installing the agent using your preferred method.

Entra Scan Data and Filters

Following the approval of access to the Entra ID tenant, a scan that gathers relevant Entra data will commence after 30 seconds. Going forward, these scans also occur on a 24-hour interval and any time a manual scan is run (selecting a device and choosing 'scan device'). This differs from normal device scan behavior because the scan isn't running against the endpoints, but against the tenant itself.

The available data will populate in the "Active Directory & Entra ID" and "Active Directory & Entra ID groups" sections of a device.

This data may also be used as a filter in groups and reports.

Revoking Access

Access only needs to be granted one time, and may be revoked at any time. Revocation isn't completed from the settings page in Connect; instead, a tooltip there links to the following Microsoft documentation, which details how to revoke permissions for connected apps.

Review and revoke permissions - Entra ID
