LDAP queries

In addition to querying the core database, Endpoint Manager also provides the directory tool that lets you locate, access, and manage devices in other directories via LDAP (the Lightweight Directory Access Protocol).

You can use an on-premises Active Directory source or an external Microsoft Azure Active Directory.

If you will be using Azure Active Directory, you first need to configure it to allow Secure LDAP, also known as LDAP over Secure Sockets Layer (SSL) / Transport Layer Security (TLS). This isn't enabled by default. Follow the steps here before creating a connection from Endpoint Manager: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/tutorial-configure-ldaps.

Note that LDAP access through Microsoft's Graph API isn't currently supported.

You can query devices based on specific attributes such as processor type or OS. You can also query based on specific user attributes such as employee ID or department. LDAP queries can be saved and used as task targets. Queries are dynamic and saved queries are re-run each time they're used.
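The attribute queries described above reach the directory as LDAP search filters. The following added example (not Ivanti code and not part of the original page) builds such filters with RFC 4515 value escaping, so that a department or employee ID value containing filter metacharacters cannot change what the query matches. It assumes the Active Directory schema attribute names objectCategory, objectClass, department, employeeID and operatingSystem; the helper function names are hypothetical.

```python
import re

# Added illustration: RFC 4515 search-filter construction with value escaping.
# Attribute names below are Active Directory schema names assumed for the example.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
_ATTRIBUTE_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9-]*$")


def escape_filter_value(value: str) -> str:
    """Escape the characters that are special inside an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _check_attribute(attribute: str) -> str:
    """Attribute names are never taken from free text; reject anything odd."""
    if not _ATTRIBUTE_NAME.match(attribute):
        raise ValueError(f"invalid attribute name: {attribute!r}")
    return attribute


def equals(attribute: str, value: str) -> str:
    """Exact-match assertion, for example (department=Finance)."""
    return f"({_check_attribute(attribute)}={escape_filter_value(value)})"


def starts_with(attribute: str, prefix: str) -> str:
    """Prefix match: the prefix is escaped, only the trailing * is a wildcard."""
    return f"({_check_attribute(attribute)}={escape_filter_value(prefix)}*)"


def all_of(*filters: str) -> str:
    """AND several assertions together."""
    return "(&" + "".join(filters) + ")"


def user_query(department: str, employee_id: str) -> str:
    """Users in one department with a given employee ID."""
    return all_of(equals("objectCategory", "person"),
                  equals("objectClass", "user"),
                  equals("department", department),
                  equals("employeeID", employee_id))


def device_query(os_prefix: str) -> str:
    """Computer objects whose operating system name starts with os_prefix."""
    return all_of(equals("objectCategory", "computer"),
                  starts_with("operatingSystem", os_prefix))
```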

For information about creating and running database queries from the Queries groups in the network view, see Database queries.