Azure Integration

This document describes how to integrate the Rezonate product with the Azure Active Directory and Azure Subscriptions.

Step 1 - Creating an Application

  1. Browse to the Azure Active Directory user portal.

  2. In the new Application name, write “Rezonate” and then click Create.

  3. After the creation process is complete, you will be redirected to the application page.

  4. Click the Permissions tab on the side menu.

  5. Select “Application registration”.

Step 2 - Granting Access to Azure AD + M365

  1. Select “Add Permissions” and select Microsoft Graph, and then Application permissions.

  1. Add the following read-only permissions for the application to acquire all relevant data:

TeamMember.Read.All UserAuthenticationMethod.Read.All Policy.Read.PermissionGrant IdentityRiskyServicePrincipal.Read.All Channel.ReadBasic.All SecurityAlert.Read.All Group.Read.All AdministrativeUnit.Read.All MailboxSettings.Read Directory.Read.All ReportSettings.Read.All RoleManagement.Read.All User.Read.All Domain.Read.All GroupMember.Read.All IdentityProvider.Read.All TeamSettings.Read.All IdentityRiskyUser.Read.All Organization.Read.All IdentityRiskEvent.Read.All AuditLog.Read.All Policy.Read.All Member.Read.Hidden Application.Read.All Reports.Read.All DirectoryRecommendations.Read.All

  1. After selecting the permissions, Click Add Permissions.

  2. For Microsoft 365 integration, select “Add Permissions” again, and select Office 365 Management APIs, and then Application permissions.

  3. Add the following permissions read-only permissions:



  1. After selecting the permissions, Click Add Permissions.

  2. Click “Grant Admin Consent for Rezonate” and then “Yes”.

  3. Select “Certificates & secrets” in the side menu.

  4. Select “Upload certificate”.

  5. Add the rezonate_aad_azure.crt file from Rezonate. (Attached in this article)

  6. Click the Overview button.

  7. Please copy and bring back the following items:

    1. Application (client) ID

    2. Directory (tenant) ID

Step 3 (for Azure Integration) - Granting Access to Azure Management Group

  1. Head over to the Management Groups screen, and choose the Tenant Root Group.

  2. Select Access Control (IAM) from the left-side bar.

  3. Select “Role Assignments”, then “Add”, and then “Add role assignment”.

  4. Select “Job Function Roles”, and head over to the Role tab.

  5. In this tab, select “Reader” and then “Next”.

  6. You will be moved to the “Members” page, to add members to the assignment.

  7. Click “+ Select Members” and enter the application name created in step 1 - “Rezonate”. You will see the application in the right-side menu, click it and then click “Select”.

  8. You should now see the application in the Members box. Click “Review + Assign” to finish the process.

  9. You should now see the application is assigned the “Reader” role, listed in the “Role assignments” screen.

  10. Head over to the overview screen of the subscription to find the ID.

  11. Please copy and bring back the following items:

    1. Subscription ID numbers to cover.

    2. Tenant ID.

Last updated