Skip to content
  • There are no suggestions because the search field is empty.

Block 64 Inventory Collection with Local Active Directory and Microsoft Entra ID

How Block 64 Discovers and Inventories Devices Across On-Premises and Cloud Identity Sources

Block 64’s Discovery Platform supports flexible inventory collection methods for organizations using either Local Active Directory (AD), Microsoft Entra ID, or a hybrid identity model. This article outlines how inventory works in each scenario and what credentials and configurations are required for successful device discovery.

Inventory with Local Active Directory (AD)

When operating in an environment with Local AD, Block 64 can collect inventory by:

  • Connecting to the domain controller via the Block 64 Discovery Application

  • Using a domain administrator account with remote access permissions (e.g., WMI, RPC, Admin$)

  • Scanning target IP ranges to identify domain-joined devices

This setup allows for seamless remote inventory collection from all domain-joined Windows devices within scope.

Inventory in Hybrid Environments with Microsoft Entra ID

If a customer uses Microsoft Entra ID (formerly Azure AD), either independently or synchronized with Local AD, Block 64 can also perform discovery across cloud-joined or hybrid-joined devices.

Supported Scenarios:

  • Entra-only devices (cloud-joined): Can be inventoried using Microsoft 365/Entra ID credentials via the Discovery Application.

  • Hybrid-joined devices: Can be inventoried using either:

    • A local administrator account present on all devices

    • Domain credentials if the devices still accept domain authentication

This enables inventory even when devices are no longer fully domain-joined, provided valid remote access credentials are configured in the platform.

How to Add Microsoft Entra ID to Discovery

Entra ID discovery is available within the Block 64 Discovery Application, during either:

  • Simple Deployment: Enter common configuration options (IP ranges, Local AD credentials, M365/Entra ID credentials)

  • Custom Deployment: Input separate Entra ID and Local AD credentials as needed

After setup, additional credentials can be added or reauthenticated at any time by going to:

Settings → Credentials

Important Notes on Permissions

For any inventory attempt to succeed, the account used must have:

  • Administrative privileges on the target device

  • Remote access enabled and not blocked by UAC, firewall, or GPO

If a custom local admin account fails to connect, but the built-in Administrator account works, this typically points to restricted permissions on the custom account.

Alternate Option: Inventory via the Block 64 Discovery Agent

When remote access is not feasible (e.g., in Entra ID-only environments without a shared local admin), the Discovery Agent can be deployed on endpoints to collect inventory data and send it to the platform.

Reporting Considerations

Keep in mind:

  • Entra ID inventories may include non-traditional assets like mobile devices

  • This can affect completion rates if compared to traditional AD environments

  • You can filter results by data source (AD, Entra ID, or both) in both:

    • The Block 64 Discovery Application

    • The Combine reporting dashboard

Need More Help?

Check our Support Center, or submit a support request directly from the Customer Portal.