Azure Integration Guide

Built for Microsoft Azure

TENET provides deep, native integration with Azure through direct SDK connectivity — delivering comprehensive visibility across your entire Azure estate.

Connect in minutes with the automated setup wizard, or follow the manual steps for full control over each configuration step.

TRY FOR FREE CONTACT US

TENET — Azure IntegrationConnected ✓

Subscriptions (4 connected)

Production

a1b2-****-prod

148 resources

Development

c3d4-****-dev

62 resources

Shared Services

e5f6-****-ss

34 resources

Staging

g7h8-****-stg

21 resources

SDK Coverage

Azure Resource ManagerAll subscriptions

Microsoft Graph APIEntra ID & RBAC

Azure Monitor MetricsPerformance & logs

Security Center APIDefender posture

Managing multiple Azure tenants?

Each Azure tenant requires a separate integration. Repeat the setup steps below for each tenant you want to connect to TENET.

TENET Setup Wizard (Recommended)

The fastest way to connect TENET to your Azure environment is with the TENET Setup Wizard. It guides you through the entire process automatically — creating the app registration, configuring API permissions, and assigning the required roles — in just a few clicks. Watch the video below to see how it works.

Manual Setup

Follow these steps to manually configure the Azure app registration and permissions required by TENET.

Step 1: Creating an app registration in the Azure Portal

1. Log into your Azure Portal

2. Search for App Registrations in the top search bar.

Search for App registrations in Azure Portal

3. Click on + New registration

Click New registration button in Azure Portal

4. Fill in the details:

Name: TENET
Redirect URI: Select a platform: Single-page application (SPA)
URL: https://tenet-portal.com
Click Register

Fill in app registration details - Name: TENET, Redirect URI: Single-page application

Step 2: Configure API Permissions

5. In the top toolbar, search for TENET (or the name you used for the app registration)

Copy Application (client) ID and Directory (tenant) ID from Azure Portal

6. Navigate to Manage → API permissions

7. Select + Add a permission → Microsoft Graph → Application permissions.

Ensure you select Application Permissions, not Delegated — this is required for the integration to work correctly.

8. Search for and select Directory.Read.All (Enables TENET to read directory data for synchronization)

Click add permissions

9. Grant admin consent

Then click on Grant admin consent for [Your Tenant] and confirm selection

10. Ensure all permissions have a green check in the Status column.

Permissions status with green checkmarks

Step 3: Grant the TENET application Subscription Permissions

The following steps grant TENET read access to all subscriptions within the management group. To limit access to specific subscriptions only, follow the same steps but search for individual subscription names instead of Management Groups.

11. In the top toolbar, search for Management Groups

12. Select your root management group (usually Tenant Root Group).

Global Administrator but can't access Management Groups? Follow Microsoft's guide to elevate your access.

13. Click on Access control (IAM) → Role assignments

14. Select Reader role.

Repeat this step twice more to also assign Monitoring Reader and Security Reader — all three roles are required.

Click on the Members tab, and then + Select members.

In the + Select Members panel, search for the name of the app registration that you created earlier, then click on it
Click Select at the bottom

Search for app registration in Select Members panel

All three roles (Reader, Monitoring Reader, Security Reader) are required. If not using management groups, ensure each role is assigned per individual subscription.

15. Once all permissions have been added, click Review + assign (twice) to complete

Step 4: Create Client Secret

16. Return to App registrations and open your registered app

Please take note of the Application (client) ID and Directory (tenant) ID from this page - you will need to copy these across to the TENET Platform later.

Application overview showing Client ID and Tenant ID

17. Navigate to Manage → Certificates & secrets → Client secrets

18. Click + New client secret, provide a name and expiry, and then click Add

19. Please take note of the Value of the secret - this is the final data point you will need to copy across to the TENET Platform.

Step 5: Add Credentials to TENET

20. Log in to TENET and navigate to Settings (tenet-portal.com/settings)

Enter a friendly Tenant Name and previously noted Tenant ID, Client ID & Client Secret then click on Start Assessment

Wait for validation and initial data fetch to be completed (about 45 seconds) and you can start reviewing TENET's insights.

You're done! 🎉

Managing and Monitoring Assessments

Once connected, TENET continuously monitors your Azure environment. Here's what to expect.

Automatic assessments

Full assessments run every 12 hours. Anomaly detection refreshes every hour. A manual refresh is also available in the Directories tab.

Permission errors

If missing permissions or invalid credentials are detected, TENET surfaces error messages in the platform. Adjust your Azure role assignments accordingly.

Plan Limits

Azure integration is available on all plans. The number of tenants you can connect depends on your plan.

TRIAL — 14 DAYS

Full access to all Scale plan features — explore every capability with no restrictions during your trial.

SCALE PLAN

Automated and on-demand assessments for a single Azure tenant.

PRO PLAN

Automated and on-demand assessments for multiple tenants simultaneously.

Ready to integrate your Azure environment?

Get up and running in minutes with TENET's native Azure integration

Start for free Book a demo

14-day free trial · 5 minute setup · No credit card required