Identity

Identity & Device Recognition

Directory services, passive fingerprinting, and endpoint signals converge into per-flow identity tags.

GAAD · Azure · SCIM

HOW IT WORKS

Walk through a single flow

1Active Directory logon events are captured by a lightweight domain-controller agent.
2Entra / Azure AD sign-ins feed an address-to-user mapping through Microsoft Graph.
3SCIM integrations push directory changes into the identity store.
4Passive signals — ARP, DHCP, client hints — enrich unmanaged and roaming devices.

UNDER THE HOOD

Technical notes

Pull-based by design

The identity plane does not expose listeners on domain controllers. Agents publish state; Zedmos pulls on a schedule. Simpler firewall posture, simpler audit.

Other capabilities that plug in here

Security

Multi-Action Policy Engine

allow / drop / reset / shape / redirect / quarantine / tarpit / scan / rewrite / exec / mark / escalate / route / log.