Discovery credentials for Windows Autopilot workstations Azure AD joined

cynlink1 · ‎02-13-2023

We have Windows Autopilot workstations joined to Azure AD only. These devices have NO network line of sight to our on-premises domain controllers so it is not possible to use a domain service account for credentials. We set up a service account in Azure AD for the purposes of performing Discovery. However, the credentials are failing regardless of the format we use. Is it possible to set up credentials using an Azure AD service account to run Discovery on Azure AD joined workstations? If yes, what is the format? If not, is our only alternative to use a local admin user account?

Rahul Priyadars · ‎02-14-2023

We set up a service account in Azure AD for the purposes of performing Discovery-- Service account will enable Cloud objects discovery. For OS/horizontal discovery you need domain admin or Local admin account.

Regards

RP

cynlink1 · ‎02-14-2023

Hi Rahul,

I have set up the Azure Service Principal.

I have discovered the subscriptions.

I am discovering cloud objects and Virtual Machine instances (Hybrid domain joined Servers) without error using a service account.

However, I am not able to perform OS/horizontal discovery on Autopilot devices (Azure AD joined only) using a service account. The service account can access the devices via RDP. However, it fails to work when entered as a credential in ServiceNow. Can ServiceNow perform Azure AD authentication?

A local user account works. However, we'd prefer to avoid having to use a local user account.

Rahul Priyadars · ‎02-14-2023

Can ServiceNow perform Azure AD authentication?---> Yes

If mid server is placed in n/w and resources are accessible from Mid Server.

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0657528

Regards

RP

cynlink1 · ‎02-16-2023

ServiceNow support told me that ServiceNow does not know how to authenticate with Azure AD via Discovery's Powershell commands. Does this sound right?