1-AAD_Scan Job
The 1-AAD_Scan Job is responsible for collecting data from Microsoft Entra ID. This job requires no additional customizations before being used, but can be scoped to disable collecting sign-in activity with the scan.
Queries for the 1-AAD_Scan Job
The 1-AAD_Scan job uses the AzureADInventory Data Collector for the following query:
- AAD Inventory – Targets Microsoft Entra tenants to collect inventory data for user group objects
- (Optional) This query can be modified to specify scan options and to collect custom attributes. See the Configure the 1-AAD_Scan Query topic for additional information.
Configure the 1-AAD_Scan Query
The 1-AAD_Scan Job is configured to run with the default settings with the category of Scan Entra ID. Follow the steps to customize configurations.
Step 1 – Navigate to the .Entra ID Inventory > 1-AAD_Scan > Configure node and select Queries.
Step 2 – In the Query Selection view, click on Query Properties to open the Query Properties window.
Step 3 – Select the Data Source tab, and click Configure to open the Entra ID Inventory DC Wizard.
Step 4 – On the Options page, select the different Scan Options as needed:
- Collect only updates since the last scan – Enables differential scanning.
  NOTE: Enabling the Collect Open Extensions option on the Custom Attributes page overrides this function.
- Collect sign-in activity with scan – Required to collect the LastLogonTimestamp attribute of user objects. A message will alert users that deselecting this option will disable this function.
- Collect Directory Audit Events – Collects Microsoft Entra ID audit logs.
Step 5 – On the Custom Attributes page, click Add or Import to add or import custom attributes.
- Select Collect Open Extensions to enable the data collector to collect all extension attributes in Microsoft Entra ID. Enabling this option will increase scan times.
  NOTE: Enabling this option overrides the differential scan setting and will direct the data collector to run a full scan every time the job is run.
- See the AzureADInventory Data Collector topic for additional information on adding and importing custom attributes.
Step 6 – Navigate to the Summary page. Click Finish to save changes or click Cancel to exit without saving. Then click OK to close the Query Properties window.
The 1-AAD_Scan Job is now ready to run with the customized settings.
Analysis Tasks for the 1-AAD_Scan Job
Navigate to the .Entra ID Inventory > 1-AAD_Scan > Configure node and select Analysis to view the analysis tasks.
CAUTION: Do not modify or deselect the selected analysis tasks. The analysis tasks are preconfigured for this job.
The default analysis tasks are:
- Import functions – Imports effective group membership function into the database
- Bring Users View to Console – Enables the SA_AzureADInventory_UsersView to be accessible under the job’s Results node
- Bring Groups View to Console – Enables the SA_AzureADInventory_GroupsView to be accessible under the job’s Results node
- Bring Group Members View to Console – Enables the SA_AzureADInventory_GroupMembersView to be accessible under the job’s Results node
- Summarize Domains – Creates interim processing tables in the database for use by downstream analysis and report generation
- Summarize Stats – Creates interim processing tables in the database for use by downstream analysis and report generation
In addition to the tables and views listed in the Standard Reference Tables & Views for the AzureADInventory Data Collector section, the 1-AAD_Scan Job produces the following preconfigured report.
Report | Description | Default Tags | Report Elements |
---|---|---|---|
Entra ID Summary | This report provides a summary of all audited domains and objects. | None | This report has two elements: (1) Table – Provides details on general statistics on the Users and groups found with each tenant scanned; (2) Table – Provides details on statistical information for each of these Entra ID objects |