Entra Asset Management with BlueTally

What Is Entra Asset Management?

Entra Asset Management typically refers to one of two approaches:

1. Using Microsoft Entra as a data source for asset management

Syncing employee information from Entra into a dedicated ITAM platform (like BlueTally) to automate user management and enable secure authentication.

2. The incorrect assumption that Entra handles ITAM

Expecting Microsoft Entra to track, manage, and report on IT assets — functionality it was never designed to provide.

BlueTally takes the first approach. We integrate with Microsoft Entra to:

• Sync employees automatically via SCIM 2.0
• Enable Single Sign-On using SAML
• Centralize access control
• Automate user provisioning and de-provisioning

This gives you Entra’s enterprise-grade identity management combined with BlueTally’s purpose-built IT asset management.

‍

What Is Microsoft Entra?

Microsoft Entra (formerly Azure Active Directory or Azure AD) is Microsoft’s cloud-based identity and access management (IAM) platform. Launched in July 2023 as a rebrand of Azure AD, Entra provides:

• Single Sign-On (SSO): One login for Microsoft 365, Azure, and thousands of SaaS apps
• Multi-Factor Authentication (MFA): Enhanced security for user sign-ins
• Conditional Access: Risk-based policies controlling access
• User & Group Management: Centralized employee, contractor, and guest directory
• Device Registration: Register devices for access control

Entra is the identity backbone for organizations using Microsoft 365, Azure, and hybrid cloud environments.

However, identity management and IT asset management are fundamentally different disciplines — and this distinction is critical.

‍

Can Microsoft Entra Be Used for IT Asset Management?

Short answer: No. Microsoft Entra is an identity and access management (IAM) platform — not an IT asset management (ITAM) solution.

What Entra is designed to do

‍

What IT Asset Management requires:

The Microsoft Tech Community itself confirms this limitation. When users ask about asset management in Entra (formerly Azure AD), the response from Microsoft MVPs is consistent: "None of my customers are using asset management in AAD. It's just not extensive enough. Everyone uses third-party systems."

The solution? Use Entra for what it does best - identity and access management - and integrate it with a dedicated ITAM platform like BlueTally for complete asset lifecycle tracking.

‍

How BlueTally Enables Entra Asset Management

Automatic employee synchronization

Sync employee names, email addresses, job titles, locations, and departments from Entra to BlueTally using SCIM 2.0 - no manual employee management or data entry required.

Single Sign-On authentication

Enable secure, passwordless access to BlueTally using your existing Entra credentials - users sign in once and access asset management seamlessly without additional passwords.

Seamless user access control

Manage BlueTally access directly from Entra by assigning users or groups - automatic provisioning and de-provisioning based on your existing directory structure.

Complete asset lifecycle management

Track assets from procurement to disposal with comprehensive asset management features integrated with your Microsoft environment - check-in/out, maintenance tracking, warranty monitoring, and audit management.

‍

Limitations of Using Entra Alone for Asset Management

While Microsoft Entra excels at identity management, it was never designed for IT asset management. Here are the seven key limitations organizations face when trying to use Entra for ITAM:

1. No Asset Inventory Beyond Registered Devices

Entra only tracks devices that are registered or joined to your directory. This means:

• Monitors, docking stations, and peripherals are invisible
• Personally-owned devices (BYOD) that aren't registered don't appear
• Network equipment, printers, and other infrastructure assets aren't tracked

2. No Assignment History

Entra shows who currently owns a device, but provides no history of previous assignments. When an employee leaves and their laptop is reassigned, you lose all records of past ownership - critical for audits and incident investigations.

3. No Lifecycle Tracking

Entra has no concept of asset lifecycle stages:

• No procurement or purchase date tracking
• No warranty expiration monitoring
• No end-of-life (EOL) or end-of-support (EOS) alerts
• No disposal or decommissioning workflows

4. No Financial Data

For IT budgeting and compliance, you need financial visibility that Entra simply doesn't provide:

• No purchase price or cost tracking
• No depreciation calculations
• No vendor or PO number associations
• No total cost of ownership (TCO) analysis

5. No Checkout or Loan Workflows

Entra doesn't support temporary asset assignments:

• No loaner equipment tracking
• No due date monitoring for borrowed assets
• No digital signatures for checkout acknowledgment
• No automated overdue notifications

6. Limited Reporting for ITAM

Entra's reporting focuses on security and compliance - sign-in logs, audit events, and risk assessments. It doesn't provide:

• Asset utilization reports
• Warranty status dashboards
• Lifecycle stage summaries
• Assignment and movement histories

7. Identity-Centric, Not Asset-Centric

Fundamentally, Entra is built around identities (users), not assets (devices and equipment). An ITAM system needs to track an asset through its entire lifecycle, regardless of who owns it at any given time.

‍

What Data Does BlueTally Sync from Entra?

BlueTally integrates with Microsoft Entra through two complementary mechanisms: SCIM 2.0 for employee synchronization and SAML SSO for secure authentication.

Employee Data via SCIM 2.0

BlueTally automatically syncs employee information from your Entra directory, eliminating manual user management:

‍

How SCIM sync works:

• Configure SCIM 2.0 provisioning in your Entra admin center
• Assign users or groups to the BlueTally enterprise application
• Employee records automatically populate in BlueTally
• Changes in Entra (new hires, departures, title changes) sync automatically
• De-provisioned users are automatically marked as inactive

Authentication via SAML SSO

BlueTally supports SAML-based Single Sign-On with Entra, providing:

• Session management: Centralized sign-out across all connected applications
• Passwordless access: Users sign in with their existing Entra credentials
• Centralized access control: Manage BlueTally access directly from Entra
• Automatic provisioning: Users added to the BlueTally Entra app gain immediate access
• Just-in-time (JIT) provisioning: New users created on first sign-in

What BlueTally Adds Beyond Entra

Once employees are synced from Entra, BlueTally provides the complete ITAM layer:

‍

How to Use Entra + BlueTally

1. Configure SCIM employee synchronization

Set up the SCIM 2.0 integration to automatically sync employee information from Entra to BlueTally - including names, emails, job titles, departments, and locations with ongoing updates.

2. Enable Single Sign-On authentication

Configure SAML SSO to allow your team to access BlueTally using their existing Entra credentials - secure, passwordless access with centralized user management.

3. Manage access through Entra

Assign individual users or entire groups access to BlueTally directly from your Entra console - automatic user provisioning and de-provisioning based on directory changes.

4. Track assets with synchronized employees

Check assets in and out to employees in BlueTally that are automatically synced from Entra, with real-time updates when employee information changes in your directory.

‍

What Is the Difference Between Entra and Intune?

This is one of the most common questions IT teams have when navigating Microsoft's ecosystem. Here's the clear distinction:

Microsoft Entra (Identity Management)

• Purpose: Manage user identities and access to applications
• Focus: Who can access what
• Key features: SSO, MFA, Conditional Access, user/group management
• Device role: Registers devices for access control purposes

Microsoft Intune (Device Management)

• Purpose: Manage and secure devices (MDM/MAM)
• Focus: How devices are configured and secured
• Key features: Device enrollment, policy deployment, app management, compliance
• Device role: Full device lifecycle management and configuration

How They Work Together

Entra and Intune are complementary:

• Entra authenticates the user
• Intune manages the device
• Together, they enable Zero Trust access policies

Where BlueTally Fits

Neither Entra nor Intune provide complete IT asset management:

• Entra focuses on identity, not assets
• Intune manages enrolled devices, but doesn't track lifecycle, ownership history, or non-MDM assets

BlueTally integrates with both:

• Entra: Employee sync (SCIM) and SSO authentication
• Intune: Device sync for hardware and software inventory (see our Intune Asset Management integration)

This gives you unified asset management across your Microsoft environment - with employee data from Entra, device data from Intune, and complete lifecycle tracking in BlueTally.