Skip to main content
Skip table of contents

Entra/Azure AD Configuration

Introduction

As part of the move to a Microsoft 365-centric architecture, often on-premises Active Directory information is migrated into Entra Active Directory (AD). Discover fully supports obtaining user or group information from Entra AD. This document describes how to configure this access.

Note: The commands required to access Entra AD are only supported by 64-bit machines. If you plan to use Entra AD, please make sure you are installing on a 64-bit operating system with 64-bit components (i.e., Outlook if required).

Section 1: PowerShell Setup/Access

Any Discover Connector server that will be performing queries into Entra AD must have the following PowerShell module loaded:

  • Microsoft.Entra

You can verify if this module is present by launching a PowerShell session as Administrator, then issuing the following command:

get-installedmodule


If the module is present, the response to that command will show the following:

image-20250404-155932.png

If the modules are present, the Discover machine is prepared to access Entra AD. Please continue with configuring the data target search as described in Section 2. If the modules are not present, continue with the installation instructions shown in this section.

Installing Microsoft.Entra

Install the Microsoft.Entra module by issuing this command from a PowerShell session:


install-module Microsoft.Entra -AllowClobber


As shown below, this command will also present a confirmation prompt. When it does, press Y to proceed

image-20250404-155625.png

Section 2: Discover Configuration

Once the PowerShell module has been loaded, there are two locations where Entra-related settings should be verified within your Discover configuration. First, the PowerShell authentication type and URL should be verified in the Connector settings. Also, the PowerShell account information should be verified in the Connector Status Utility.

If you are using Oauth (Modern) Authentication, please skip this section and refer to the setup directions included in the Oauth Configuration Guide

Connector Settings

To validate the PowerShell authentication and URL in the Connector settings, log in to the Discover dashboard. Either click the red Connectors block on the home page or click Administration, then Configuration/Connectors.

image-20250404-182738.png

Select a Connector, hover over the More button, and choose connector settings

image-20250404-182836.png

Check the advanced box, then select the tab for Connector settings and scroll to the bottom of the page to locate the settings for PowerShell Auth Type and URL, and verify the settings are correct for your environment.

image-20250404-182958.png

If your settings are correct, move on to the Connector Status Utility Settings section of this document. If you do modify the settings, be sure to click the blue Update button at the bottom of the form. Return to the Connectors screen, then hover over the Action button and click Download Configuration File.

image-20250404-183136.png

Selecting this option will force an update of the Connector settings from the Discover database to the local Connector server. Gimmal recommends restarting the Connector service on the server to ensure the updated settings are in effect.

Connector Status Utility Settings

Log into the Connector server and launch the Connector Status Utility by clicking the desktop icon shown below.

If your server does not have a desktop icon, locate the file SherpConnectorStatus.exe file in the folder
C:\Program Files (x86)\Sherpa Software\Sherpa Connector
And launch the utility from that location.


Click on the Credentials hyperlink, then click the Connectors tab:

At the bottom of the form confirm that the Master PowerShell Credentials shown are accurate. If the credentials are correct, continue with Section 3: Entra AD Data Target Searches in this document.

If you need to enter (or modify) the credentials be sure to click the Save button at the bottom of the form. Then close the Connector Status Utility then restart the Connector Service to ensure the latest credential information is being used by the service.

Section 3: Entra AD Data Target Searches for Data Owners

Once the Entra AD components are in place, Discover should be able to query Entra AD through a Data Target search query. In the Discover Administration module, select Configuration then Connectors. Hover over the Action button and select Searches:

image-20250404-183820.png

On the search screen, hover over the Action button and select Add. From the Type drop-down list select Data Owners.

Supply a name for the search type, then select the 'Search For' option shown below to reference an Entra AD group. Then set the 'Search By' to Specific Connector and select your Connector device using the Edit button.

Click the Find Entra AD Group tab at the top of the form and supply the name of the Entra AD group that you would like Discover to query for user information.

Note: You may only specify one group name for each search. To search for additional groups, create multiple Entra AD searches

If you would like to create a corresponding group within Discover (this step is optional), check the 'Synchronize search results with external group' box and supply a name for the Discover group to be created.


When finished, click the blue UPDATE AND RUN button to queue the search for execution. The next time the Connector device checks in, it will pick up the search request and perform the query.

Section 4: Entra AD Data Target Searches for EWS Mailboxes

If you are using Discover to manage Exchange mailboxes in Microsoft 365, you can also obtain a list of mailbox data targets through an Entra query. Like Data Owners (described in Section 3), the process begins with creating a search from the connector screen. In this case, select EWS Mailboxes as the type of Data target

image-20250404-190000.png

In the search list drop-down box labeled “Search For” select the option “Find EWS Mailboxes from an Active Directory group in Azure”.

image-20250404-190059.png

When finished, either click the Add button, then select the search and run it, or open the search in edit mode and click the blue UPDATE AND RUN button to queue the search for execution. The next time the Connector device checks in, it will pick up the search request and perform the query.


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.