A question as much for the InsightIDR team as well as other users.
We’re in the process of removing all on-premise AD with users and computers authenticating to cloud only Azure AD. Without LDAP as an option, I am not sure how we actually get user attribution in InsightIDR. All the logs and info are there, but our user count shows as 0.
By connecting our Office365 tenancy we get all of our Azure AD ingress logs and a huge amount of information - however we lose user attribution in InsightIDR.
-
Is anyone else in this situation and how are you managing it?
-
Does the Rapid7 team have a plan to support this without LDAP? E.g. can’t this info be retrieved using MS Graph API the way many other applications do it?