    Configure an Azure application and privileges

    Before configuring an Azure application and privileges, ensure that outbound HTTPS port 443 is open on the ADAudit Plus server. It is used for HTTPS and AMQP over WebSockets.

    To enable auditing for Azure file shares, you need to register an application in the Azure portal and assign the required roles to it. Then you need to grant the minimum privileges required for the Microsoft Graph API and obtain the client ID and client secret.

    Note: If you have already configured an Azure AD tenant in ADAudit Plus and prefer using the same application for Azure file share auditing, proceed with the steps to assign the required roles for the registered application.

    Register an application

    1. Open the Microsoft Azure portal and log in using your Microsoft account.
    2. Search for Microsoft Entra ID.

    3. Go to Manage > App registrations > + New registration to open the Register an application page.

    4. Enter the application name (e.g., ADAudit Plus App).
    5. Under Supported account types, ensure that the Accounts in this organizational directory only (zohoadapazure only - Single tenant) option is selected.

    6. Click Register.

    Assign the required roles for the registered application

    1. Go to Home > Subscriptions.
    2. Select a subscription name (e.g., Pay-As-You-Go).
    3. Select Access control (IAM) from the list.

    4. Click + Add at the top and select Add role assignment from the three options.

    5. Select the Reader role from the list and click Next.

    6. Click + Select members and add the member to which you want to assign access (e.g., ADAudit Plus App).

    7. Click Review + assign.

    8. Check that the specified role is assigned to the application at the subscription level.

    Grant the minimum privileges required for the Microsoft Graph API

    To grant the Microsoft Graph API privileges that allow the app to read data such as users and groups, follow these steps:

    1. In the Azure portal, search for Microsoft Entra ID.

    2. Go to Manage > App registrations. Select your application under Owned applications (e.g., ADAudit Plus App).

    3. Go to Manage > API permissions > + Add a permission.

    4. Select Microsoft Graph.

    5. Select Application permissions for the type of permissions required.

    6. From the Directory list, select Directory.Read.All.

    7. Click Add permissions.
    8. Click Grant admin consent for <Tenant name>, where <Tenant name> will be the name of your Azure tenant.

    9. Click Yes. The Not granted for <Tenant name> status will be changed to Granted for <Tenant name>.

    Obtain the client ID and client secret

    1. In the Azure portal, search for Microsoft Entra ID.
    2. Go to Manage > App registrations. Select your application under Owned applications (e.g., ADAudit Plus App).
    3. Go to Manage > Certificates & secrets.

    4. Click + New client secret.
    5. Enter the description.
    6. Set the expiration date to 24 months, which is the maximum value that can be used.

    7. Click Add. The values will be displayed.
    8. Copy the generated Value; this is the client secret. It is displayed only once, so copy it and store it securely.

    9. Note down the Application (client) ID as the client ID. The client ID and client secret will be necessary when configuring the tenant in ADAudit Plus.
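
    Once the steps above are complete, one way to confirm that the application holds only the Directory.Read.All permission is to inspect the `roles` claim of an app-only access token that you requested for Microsoft Graph with the client ID and client secret. This is an added example, not ManageEngine's code; the function names and the sample tokens are constructed for illustration, and no signature is checked.

```python
import base64
import json

# Assumption: the only Graph application permission this guide grants.
EXPECTED_ROLES = {"Directory.Read.All"}
GRAPH_AUDIENCES = {"https://graph.microsoft.com",
                   "00000003-0000-0000-c000-000000000000"}


def _b64url_json(segment: str) -> dict:
    """Decode one base64url JWT segment (JWTs strip the '=' padding)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def audit_graph_token(token: str, expected=EXPECTED_ROLES) -> dict:
    """Compare the token's `roles` claim with the expected permission set.

    The signature is NOT verified: this inspects a token you requested
    yourself and must never be used to make an authorization decision.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three segments)")
    claims = _b64url_json(parts[1])
    roles = set(claims.get("roles", []))  # absent until admin consent is granted
    return {
        "app_id": claims.get("appid") or claims.get("azp"),
        "graph_audience": str(claims.get("aud", "")).rstrip("/") in GRAPH_AUDIENCES,
        "missing": sorted(set(expected) - roles),
        "excess": sorted(roles - set(expected)),
        "least_privilege": roles == set(expected),
    }


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])


if __name__ == "__main__":
    base = {"aud": "https://graph.microsoft.com",
            "appid": "11111111-2222-3333-4444-555555555555"}  # constructed
    for roles in (["Directory.Read.All"],
                  ["Directory.Read.All", "Directory.ReadWrite.All"], None):
        claims = dict(base, **({"roles": roles} if roles else {}))
        print(roles, audit_graph_token(make_sample_token(claims)))
```

    A non-empty `excess` list means the application was granted more than this guide requires; a non-empty `missing` list usually means admin consent has not been granted yet.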
