The IT department operated a legacy asset management system that stored hardware records and assignment history in a standalone database with no integration to the organization's identity platform or device management system. Employees join, transfer, and separate. Devices are enrolled, reassigned, and retired. Without direct integration between the asset management system and the platforms tracking those changes, the asset register only reflected reality at the moment it was last manually updated.
Assignment records lagged behind actual device custody. New device enrollments in the mobile device management platform appeared in the asset register only when a staff member noticed and entered them manually. End-of-life forecasting was unreliable because the inventory was unreliable. And the legacy system had no physical tagging capability — connecting a physical asset to its digital record required visual inspection or serial number lookup.
The replacement was scoped around four requirements: automated daily synchronization of employee records from the identity provider; automated daily synchronization of managed device records from the mobile device management platform; a physical asset tagging capability integrated directly into the new system; and a complete migration of historical asset and event records from the legacy database.
Several design decisions shaped the outcome. Employee department data is not automatically driven by raw directory values — directory department fields are user-entered and uncontrolled. Instead, the system maintains a curated department table with automated logic to distinguish between employees whose directory record has no department and employees whose department value exists but does not yet match a curated record. Device-to-employee associations from the MDM (Mobile Device Management) platform are surfaced for review rather than automatically converted into formal assignment records — a device's primary user is a technical signal, not a definitive custody assignment. Automation loop prevention was built into the data model through a boolean flag on every asset record, ensuring ETL-created records do not fire workflows designed for human-initiated changes.
The platform is implemented on Microsoft Power Platform within a Government Community Cloud (GCC) environment, with Dataverse as the central system of record. Two daily scheduled automation flows connect the system to its external data sources via the Microsoft Graph API. The employee synchronization flow queries a defined security group in Microsoft Entra ID and upserts records in Dataverse. The device synchronization flow queries all managed devices from Microsoft Intune and creates or updates asset records — with unresolved device-to-employee associations surfaced in a daily summary report for IT staff review.
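The department classification and review-queue rules described above, as an added example that is not the project's own flow logic. Plain Python stands in for the scheduled flows; the function names, the `etl_write` flag name, the curated table and the sample records are assumptions constructed for illustration.

```python
# Added example (hypothetical names); dicts stand in for the system of record.
CURATED_DEPARTMENTS = {"information technology": "IT", "public works": "PW"}  # constructed

def classify_department(directory_value):
    """Separate 'no department in the directory' from 'value not yet curated'."""
    if directory_value is None or not directory_value.strip():
        return ("missing", None)
    key = " ".join(directory_value.split()).lower()  # collapse whitespace and case
    if key in CURATED_DEPARTMENTS:
        return ("matched", CURATED_DEPARTMENTS[key])
    return ("unmatched", None)  # user-entered text never creates a department

def sync_devices(devices, assets, employees):
    """Upsert assets by serial number; return items for the daily review report.

    assets: dict of serial -> asset record; employees: set of lowercase UPNs.
    """
    review = []
    for dev in devices:
        serial = (dev.get("serialNumber") or "").strip().upper()
        if not serial:
            review.append({"device": dev.get("deviceName"), "reason": "no serial number"})
            continue
        asset = assets.setdefault(serial, {"serial": serial, "assigned_to": None})
        asset["device_name"] = dev.get("deviceName")
        asset["etl_write"] = True  # loop-prevention flag: this change came from ETL
        upn = (dev.get("userPrincipalName") or "").lower()
        if not upn:
            continue
        # The primary user is a signal only: assigned_to is never written here.
        if upn not in employees:
            review.append({"serial": serial, "user": upn, "reason": "unknown employee"})
        elif asset["assigned_to"] != upn:
            review.append({"serial": serial, "user": upn, "reason": "differs from assignment"})
    return review

def should_run_assignment_workflow(asset):
    """Workflows built for human-initiated edits skip ETL-written records."""
    return not asset.get("etl_write", False)

SAMPLE_DEVICES = [  # constructed records, not real inventory
    {"deviceName": "LT-01", "serialNumber": "abc123", "userPrincipalName": "Ana@example.org"},
    {"deviceName": "LT-02", "serialNumber": "XYZ789", "userPrincipalName": "ghost@example.org"},
    {"deviceName": "LT-03", "serialNumber": "", "userPrincipalName": None},
]

if __name__ == "__main__":
    register = {"ABC123": {"serial": "ABC123", "assigned_to": "ana@example.org"}}
    for item in sync_devices(SAMPLE_DEVICES, register, {"ana@example.org"}):
        print(item)
```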
A one-time migration flow transferred the complete asset register and event history from the legacy database into Dataverse, resolving legacy references against their new counterparts. Asset tag printing is handled by a full-screen canvas application that renders a formatted label with the asset identifier, serial number, and a QR code, then invokes the browser print dialog to send the job to a connected thermal label printer.
This engagement pattern applies directly to any government agency, county department, school district, or nonprofit IT team that manages hardware assets across a workforce and currently tracks them in a standalone system disconnected from its identity provider or device management platform. The integration architecture is repeatable for any organization operating in the Microsoft 365 ecosystem. The GCC deployment demonstrates the pattern is viable in compliance-constrained government cloud environments. The migration component — reading from a legacy SQL-based system and writing into Dataverse — is directly applicable to any IT modernization engagement requiring historical record preservation without manual re-entry.