Microsoft Entra Device ID in Unify

Microsoft Entra Device ID is a globally unique identifier assigned to each device managed within the Microsoft Entra ecosystem. This identifier plays a key role in maintaining accurate device records by enabling consistent identification of endpoints across Microsoft services and applications.

Because the Device ID is unique per device, it can be used to improve how devices are tracked, matched, and correlated across integrated systems.

Integration of Unify with Microsoft Entra Device ID

To improve the accuracy and reliability of device matching within Unify, the Microsoft Entra Device ID can be used when it is available in incoming data.

When configured:

  • The Device ID included in incoming data (when provided by Microsoft) is compared with the value stored for each device in your Remote Monitoring and Management (RMM) platform

  • This comparison improves the accuracy of device matching within Unify

  • Matching confidence is increased when a direct Device ID match is found

By incorporating this identifier into the matching process, device correlation across systems becomes more consistent and reliable.

This behavior applies within the Unify module and is available to Kaseya SIEM when the required data is present.

Overview of required configuration steps

To enable this behavior, you must ensure that the Microsoft Entra Device ID is collected at the endpoint level and stored in your RMM.

The general workflow is:

  1. Create a custom field in your RMM called msftEntraDeviceId.

  2. Create a script that retrieves the Microsoft Entra Device ID from each device

  3. Store the output of the script in the msftEntraDeviceId field

  4. Schedule the script to run once per day on all applicable devices

Once the field is populated and available through your RMM integration, Unify will use this value automatically as part of the matching process.

No additional configuration is required within SIEM.

IMPORTANT  A Datto RMM Comstore component is available to simplify the retrieval and storage of the Microsoft Entra Device ID. This component is designed to retrieve the Device ID directly from the endpoint and store it in a User Defined Field (UDF). Partners are no longer required to manually copy and maintain scripts unless they choose to do so. Although a script example is provided below, using the Comstore component is recommended where available.

Powershell script example

The following script demonstrates how the Microsoft Entra Device ID can be retrieved:

$DsregCmdStatus = dsregcmd /status
if($DsregCmdStatus -match "DeviceId")
{
$DeviceId = $DsregCmdStatus -match "DeviceID"
$DeviceId = ($DeviceId.Split(":").trim())
$DeviceId = $DeviceId[1]
}
$DeviceId

NOTE  The $DeviceId should look similar to this: 60da01ce-6420-4233-b39d-72c65a23409b

Product-specific instructions

Because RMM platforms differ in how custom fields, scripts, and automation are configured, the following guidance provides a general roadmap. Terminology and steps may vary depending on your RMM environment.

If the instructions below do not match your environment, refer to your vendor’s official documentation.

Ninja RMM

Creating a custom field (official documentation)

  1. Add a New Custom Field:
  • Ninja RMM provides two categories of custom fields: global custom fields (apply to all devices) and role-based custom fields (apply only to specific device types). For msftEntraDeviceId, you would likely use a global custom field.
  • Custom field types in Ninja RMM include text, integers, drop-downs, and device mapping fields. Choose the type that best suits your data format. For msftEntraDeviceId, a text field would be appropriate​​.
  1. Configure the Custom Field:
  • Set the technician access to ‘Read Only’ and the script access to ‘Read / Write’ to ensure that the field can be written to by a script but not modified manually by technicians​​​​.

Creating and scheduling a PowerShell script

  1. Develop the PowerShell Script:
  • Write a script that pulls data from the endpoint and stores it in the msftEntraDeviceId custom field. This script should be tested thoroughly in a development environment before deployment.
  1. Add the Script:
  • Navigate to Administration > Library > Automation in Ninja RMM.
  • Click ‘Add a Scheduled Automation’ and copy the example script into the IDE provided by Ninja RMM.
  • Add “Ninja-Property-Set msftEntraDeviceId $DeviceId” as the last line after the example script.
  • Set the script’s parameters, ensuring that the operating system is set to Windows and the language to PowerShell​​​​.
  1. Scheduling the PowerShell Script
  • Navigate to the policy where you want to apply the script.
  • Click Scheduled Automations and then Add a scheduled script.
  • Choose an appropriate name and description for your automation.
  • Set the schedule to run once per day and your preferred notification preferences.
  • Select Add Automation, find your script and click it to add it into the schedule.
  • Leave the "Preset Parameter" field blank, set "Run As" to "System", and then click 'Apply'.

* Within Ninja, please make sure these parameters are set:

Kaseya VSA 9

  1. Create a custom field: Audit > Machine Summary > +New Custom Field.
  2. Name it msftEntraDeviceId and set the type to String.

Upload the Powershell script to Kaseya VSA.

  1. Create an Agent Procedure that delivers the PS1 file to the device, and then executes it.
  2. Use the updateSystemInfo command to store the output into the msftEntraDeviceId custom field.
  3. Schedule the Agent Procedure to run once per day.

Here’s some links that may help in your journey:

Forum post on some best practices for VSA scripting.

Forum post on a quick way to do scripting.

Kaseya Support TechJams: Scripting within Agent Procedures.

Connectwise Automate

Creating an additional field

  1. Using the local Windows client and navigate to System > Configuration > Dashboard > Config -> Configurations - Additional Fields, and ensure Computers is selected as the target.
  2. Fill in the following fields:
    • Field Name: msftEntraDeviceId
    • Field Type: Text
    • Tab: Return Data
    • Data Screen: Computers
  3. Click Add.

Youtube video on how to create an Additional Field.

Creating a PowerShell script (official documentation)

  1. Hop back over to the web interface and navigate to Automation, and click + Add.
  2. Fill in the following fields:
    • Name: Kaseya SIEM - Get and Write msftEntraDeviceId to Field
    • Folder: _System Automation\Stats Gathering
    • Target: Computer
    • Description: Gets the MSFT Entra DeviceId from each device and writes it to a custom field.
    • Automation Time: 0 minute(s)
  3. Click Next.
  4. In the Editor tab, do the following:
    • Add an Execute Script function, and use the following options:
      • Script Type: PowerShell
      • Script Editor: <Paste in the example PowerShell script provided>
      • Variable: @DeviceId@
    • Click Save.
    • Add an Extra Data Field Set Value function, and use the following options:
      • Scope: Computer
      • Extra Data Field: msftEntraDeviceId
      • ID: %ComputerID%
      • Value: @DeviceId@
    • Click Save.
    • Click Save, and then close the Script Editor Tab.

Group setup (official documentation)

The PowerShell script will be scheduled against a group of computers. A simple configuration is to create a group for all Windows computers and schedule the script against that group. Instructions for setting this up are below.

(Note: Group settings are specific to your MSP and will be custom for each Automate installation. Speak to your CW Automate subject matter expert for specific instructions for your environment.)

  1. Navigate to the Groups section, right-click on Agent Types and choose Create Group.
  2. Name the Group Windows Computers.
  3. Under Auto-Join Membership, select Computers.
  4. In the Computers drop-down select Computer Types\Windows Computers
  5. Click Save.

Scheduling a Powershell script

  1. From the Windows Computers Group that was just created (or your custom group), click on the Scheduled Scripts tab.
  2. Click + Add.
  3. Select the “Kaseya SIEM- Get and Write msftEntraDeviceId to Field” script in the drop down field.
  4. Click Scheduled Recurrence.
  5. Change the Frequency to Daily, and choose an appropriate Start Time.
  6. Choose to disable the option to Wake Offline Agents.

Syncro RMM

Creating a Custom Field

  1. Go to Admin -> Customers -> Asset Custom Fields
  2. Click Manage Fields next to Syncro Device.
  3. Click +New Field, Name it msftEntraDeviceId and set the type to Text Field.

Creating a PowerShell Script (official documentation)

  1. Click >_ Scripts and click +New Script
  2. Name it something like “Kaseya SIEM- Get and Write msftEntraDeviceId to Asset”
  3. Leave all the settings as default.
  4. Paste in the example script provided above.
  5. Add the following lines to the end of the example script.
    • Import-Module $env:SyncroModule -WarningAction SilentlyContinue
    • Set-Asset-Field -Name msftEntraDeviceId -Value $DeviceId

Scheduling a PowerShell Script (official documentation)

  1. Go to Policies.
  2. Edit the Policy that applies to the Assets you would like to run the script against.
  3. Go to Scripting within that policy.
  4. If the Script Schedules section is missing add it from the Add a Scripting Option dropdown.
  5. Choose +Add Entry.
  6. Select the “Kaseya SIEM- Get and Write msftEntraDeviceId to Asset” script.
  7. Set the frequency to Daily and select an appropriate time.
  8. Check the box to skip Offline Assets, and then click Save Policy.

Datto RMM

Setting up a user-defined field (official documentation)

  1. Head over to Setup -> Global Settings, and then scroll down to User Defined Fields.
  2. Find a field that is currently unused and change the Global label to msftEntraDeviceId.
  3. Click Save, and then Confirm.

Creating a component (official documentation)

  1. Navigate to Automation -> Components, and click Create Component.
  2. Use the following options:
    • Name: Kaseya SIEM- Get and Write msftEntraDeviceId to Field
    • Category: Scripts
    • Script Type: PowerShell
    • Script: <Paste in the example PowerShell script provided>
    • Script: Add this to be the last line of the example script (replace XX with the number of the UDF you chose earlier): “Set-itemproperty -path “HKLM:\software\centrastage” -Name “CustomXX” -Value $DeviceId -force”
    • Scroll down and select All Sites.
    • Click Create Component at the bottom.

Creating and scheduling a job (official documentation)

  1. Go to Automation -> Jobs, and click Create Job.
  2. Use the following options:
    • Name: Kaseya SIEM- Get and Write msftEntraDeviceId to Field
    • Components: Kaseya SIEM - Get and Write msftEntraDeviceId to Field
    • Targets: Windows Servers and Windows Desktops.
    • Recurrence: Daily
    • Start date and execution time: Select an appropriate date/time based on your specific needs.
  3. Click Create Job.

Mapping the user-defined field to Kaseya SIEM

  1. In Kaseya SIEM, edit the organization where Datto RMM is configured.
  2. Continue through the wizard until you’re on the 3rd step, Parameters.
  3. Use the dropdown to select the UDF that you choose, above.
  4. Click Finish.