Resmo Documentation

Azure Active Directory Integration

Integration guide for Resmo Azure Active Directory (Microsoft Entra ID) Integration.

Last updated 1 year ago

Resmo + Azure Active Directory Integration Fundamentals

Resmo integrates with AzureAD so that you can secure and query all of your resource assets.

What does Resmo offer to AzureAD users?

  • Collect and monitor all AzureAD resources in near real-time from one place

  • Query your assets with the simplified SQL language

  • Run automated rule checks with managed or custom rules

  • Get notified of rule changes in real-time

  • Discover historical data for your resource changes, queries, and rule violations

How does the integration work?

Resmo connects with AzureAD through an OAuth flow. It then starts polling and aggregating your existing resources. After the initial poll, Resmo polls at regular intervals to collect resource changes in real-time.

Common queries and rules

  • View AzureAD organization-verified domains.

  • List guest users.

  • See Service Principal OAuth2 permissions.

  • Find user groups that are not assignable to any role.

  • List user accounts that are not enabled.

Integration walkthrough

How to Install

  1. Sign up or sign in to Resmo.

  2. Navigate to Integrations and select Azure Active Directory.

  3. Click the Add Integration button.

  4. Click Create.

  5. You'll be redirected to Azure. Accept permissions.

The integration requires the following read-only permission scopes:

  • Maintain access to data you have given it access to

Allows the app to see and update the data you gave it access to, even when you are not currently using the app. This does not give the app any additional permissions.

  • Read all users' full profiles

Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on your behalf.

  • Read audit log data

Allows the app to read and query your audit log activities, on your behalf.

  • Read access reviews that you can access

Allows the app to read information on access reviews, reviewers, decisions and settings that you have access to.

  • Read all app catalogs

Allows the app to read apps in the app catalogs.

  • Read the names and descriptions of channels

Read channel names and channel descriptions, on your behalf.

  • Read the members of teams and channels

Read the members of channels, on your behalf.

  • Read the names, descriptions, and settings of channels

Read all channel names, channel descriptions, and channel settings, on your behalf.

  • Read Cloud PCs

Allows the app to read the properties of Cloud PCs, on your behalf.

  • Read consent requests

Allows the app to read consent requests and approvals, on your behalf.

  • Read your contacts

Allows the app to read contacts in your contact folders.

  • Read directory data

Allows the app to read data in your organization's directory.

  • Read domains

Allows the app to read all domain properties on your behalf.

  • Read identity providers

Allows the app to read your organization’s identity (authentication) providers’ properties on your behalf.

  • Read Microsoft Intune apps

Allows the app to read the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune.

  • Read Microsoft Intune Device Configuration and Policies

Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups.

  • Read Microsoft Intune devices

Allows the app to read the properties of devices managed by Microsoft Intune.

  • Read Microsoft Intune RBAC settings

Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings.

  • Read Microsoft Intune configuration

Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration.

  • Read all managed tenant information

Allows the app to read all managed tenant information on your behalf.

  • Read organization information

Allows the app to read the organization and related resources, on your behalf. Related resources include things like subscribed skus and tenant branding information.

  • Read all users’ relevant people lists

Allows the app to read a list of people in the order that is most relevant to you. Allows the app to read a list of people in the order that is most relevant to another user in your organization. These can include local contacts, contacts from social networking, people listed in your organization’s directory, and people from recent communications.

  • Read your organization's policies

Allows the app to read your organization's policies on your behalf.

  • Read role management data for all RBAC providers

Allows the app to read the role-based access control (RBAC) settings for all RBAC providers, on your behalf. This includes reading role definitions and role assignments.

  • Read your organization’s security events

Allows the app to read your organization’s security events on your behalf.

  • Read your organization's security actions

Allows the app to read security actions, on your behalf.

  • Read service health

Allows the app to read your tenant's service health information on your behalf. Health information may include service issues or service health overviews.

  • Read service messages

Allows the app to read your tenant's service announcement messages on your behalf. Messages may include information about new or changed features.

  • Read items in all site collections

Allow the application to read documents and list items in all site collections on your behalf.

  • Read data subject requests

Allows the app to read subject rights requests on your behalf.

  • Read teams' settings

Read all teams' settings, on your behalf.

  • Read the members of teams

Read the members of teams, on your behalf.

To enable the User Provisioning feature on Resmo, additional required permissions are:

  • Read and write all users' full profiles

Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on your behalf.

  • Read and write group memberships

Allows the app to list groups, read basic properties, read and update the membership of your groups. Group properties and owners cannot be updated and groups cannot be deleted.

  6. Your integration is ready! Now you can start querying your Azure Active Directory resources!
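
To check what was actually consented against the permission list above, the following added example (not Resmo's code) audits the `scope` string of a Microsoft Graph `oauth2PermissionGrant` record for the integration's service principal. It assumes Graph's usual scope naming, where read-only scopes contain `.Read` or `.ReadBasic`, and that the two User Provisioning permissions correspond to `User.ReadWrite.All` and `GroupMember.ReadWrite.All`; the grant shown is constructed sample data.

```python
import json
import re

# Assumption: Graph scope IDs for the two User Provisioning permissions on this page.
PROVISIONING_SCOPES = {"User.ReadWrite.All", "GroupMember.ReadWrite.All"}
# Sign-in / refresh-token scopes that add no data access of their own.
NEUTRAL_SCOPES = {"offline_access", "openid", "profile", "email"}
# Read-only pattern: Resource.Read, Resource.Read.All, Resource.ReadBasic.All, ...
# "ReadWrite" does not match because ".Read" must be followed by "Basic", "." or end.
READ_ONLY = re.compile(r"^[\w-]+\.Read(Basic)?(\.\w+)*$")


def audit_grant(grant, provisioning_enabled=False):
    """Sort the delegated scopes of one grant into expected and unexpected."""
    report = {"neutral": [], "read_only": [], "provisioning": [], "unexpected": []}
    # Graph stores delegated scopes as one space-separated string.
    for scope in grant.get("scope", "").split():
        if scope in NEUTRAL_SCOPES:
            report["neutral"].append(scope)
        elif READ_ONLY.match(scope):
            report["read_only"].append(scope)
        elif scope in PROVISIONING_SCOPES and provisioning_enabled:
            report["provisioning"].append(scope)
        else:
            # Write-capable or unrelated scope the page does not list.
            report["unexpected"].append(scope)
    # "AllPrincipals" means admin consent was given for every user in the tenant.
    report["tenant_wide"] = grant.get("consentType") == "AllPrincipals"
    return report


# Constructed sample grant (placeholder IDs, not real tenant data).
SAMPLE_GRANT = json.loads("""{
  "clientId": "00000000-0000-0000-0000-000000000000",
  "consentType": "AllPrincipals",
  "scope": " offline_access User.Read.All AuditLog.Read.All Channel.ReadBasic.All GroupMember.ReadWrite.All Mail.Send"
}""")

if __name__ == "__main__":
    for enabled in (False, True):
        result = audit_grant(SAMPLE_GRANT, provisioning_enabled=enabled)
        print(f"provisioning_enabled={enabled}: unexpected={result['unexpected']}")
```

Anything reported under `unexpected` is a scope to question before keeping the grant: with User Provisioning disabled, that includes the two write scopes.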

How to Uninstall

  1. Log in to your Resmo account.

  2. Go to your Integrations page and select Azure AD.

  3. Go to the Connected Integrations tab from the opening modal and select the one you want to remove or disable.

  4. To temporarily pause the integration, click the Disable button from the top right. Or, you can permanently remove it by clicking the Delete button.

Tip: Use Audit Logs for comprehensive monitoring of all Azure Active Directory activities and system events.

  5. Optionally, you can remove your OAuth token after uninstalling the integration permanently. Follow the instructions here.