Hi everyone
I’m working on an integration between Identity Security Cloud (ISC) and Microsoft Azure AD (Entra ID) and I have a question regarding the management of Organizational Units (OUs).
I understand that Azure AD/Entra ID does not have OUs in the same sense as Active Directory On-Premises, where the distinguishedName attribute clearly defines the organizational unit of an object.
However, I’ve noticed that in Entra ID there are concepts and attributes that might work in a similar way, such as:
- department
- companyName
- onPremisesDistinguishedName (when synced via AD Connect)
- Administrative Units (AUs)
My questions are:
Is there any way to manage or “move” an identity between these “logical organizational units” directly through the Azure AD connector in ISC?
If so, should this be done via identity attributes (e.g., mapping department or another field), or would it be possible to handle it directly through a provisioning policy?
I’d like to confirm if anyone in the community has faced a similar scenario and what the best practice is to reflect “organizational structure” changes in Entra ID through Identity Security Cloud.
Thanks in advance for your support!