https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cie-integration/m-p/616228#M7409 <P class="p1">Hi&nbsp;&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1372551263">@Fm12345</a>&nbsp;</P> <P class="p2">&nbsp;</P> <P class="p1">Thanks for your query on LC!</P> <P class="p1"><BR />It depends on the customer and their setup. If you are synching everything to Azure, I would expect that information to be there. I believe it's possible to only synch a portion of on prem AD to Azure, though, in which case on prem would be necessary to get everything.</P> <P class="p2">&nbsp;</P> <P class="p1">The on-prem Cloud Identity Engine agent is what pulls OUs from AD, Also you will need to setup CIE on-prem in order to take advantage of most of the Identity Analytics (and ITD) detections.&nbsp;</P> <P class="p2">&nbsp;</P> <P class="p1">There are two reasons you may opt for going the on-prem agent vs the cloud configuration:</P> <OL class="ol1"> <LI class="li1">You want to collect OU information on users and computers. Azure AD is flat, so while you&nbsp;<I>will&nbsp;</I>get group information, there's no concept of OUs.</LI> <LI class="li1">The customer is only synching a subset of their directory to Azure AD and you want to be able to identify everything,</LI> </OL> <P class="p1">If you don't care about OUs, Identity Analytics (and ITD) detections etc,.&nbsp;<SPAN class="Apple-converted-space">&nbsp;then&nbsp;</SPAN>I'd just connect Azure AD.<BR /><BR /><SPAN>If this response was helpful, please click "<STRONG>Accept as Solution</STRONG>" to acknowledge.</SPAN><BR /><BR />Regards,</P> Wed, 06 Nov 2024 10:52:04 GMT nar 2024-11-06T10:52:04Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cie-integration/m-p/616147#M7405 <P>In case of hybrid environment,Can we send data to CIE instance from both Azure AD as well as on-prem AD as it supports both.</P> <P><SPAN>Or it is enough if we send data only from on-prem AD alone.</SPAN></P> Tue, 05 Nov 2024 15:15:55 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cie-integration/m-p/616147#M7405 Fm12345 2024-11-05T15:15:55Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cie-integration/m-p/616228#M7409 <P class="p1">Hi&nbsp;&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/1372551263">@Fm12345</a>&nbsp;</P> <P class="p2">&nbsp;</P> <P class="p1">Thanks for your query on LC!</P> <P class="p1"><BR />It depends on the customer and their setup. If you are synching everything to Azure, I would expect that information to be there. I believe it's possible to only synch a portion of on prem AD to Azure, though, in which case on prem would be necessary to get everything.</P> <P class="p2">&nbsp;</P> <P class="p1">The on-prem Cloud Identity Engine agent is what pulls OUs from AD, Also you will need to setup CIE on-prem in order to take advantage of most of the Identity Analytics (and ITD) detections.&nbsp;</P> <P class="p2">&nbsp;</P> <P class="p1">There are two reasons you may opt for going the on-prem agent vs the cloud configuration:</P> <OL class="ol1"> <LI class="li1">You want to collect OU information on users and computers. Azure AD is flat, so while you&nbsp;<I>will&nbsp;</I>get group information, there's no concept of OUs.</LI> <LI class="li1">The customer is only synching a subset of their directory to Azure AD and you want to be able to identify everything,</LI> </OL> <P class="p1">If you don't care about OUs, Identity Analytics (and ITD) detections etc,.&nbsp;<SPAN class="Apple-converted-space">&nbsp;then&nbsp;</SPAN>I'd just connect Azure AD.<BR /><BR /><SPAN>If this response was helpful, please click "<STRONG>Accept as Solution</STRONG>" to acknowledge.</SPAN><BR /><BR />Regards,</P> Wed, 06 Nov 2024 10:52:04 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cie-integration/m-p/616228#M7409 nar 2024-11-06T10:52:04Z