Microsoft Azure

ThreatKey for Microsoft Azure

ThreatKey supports discovery, monitoring, and automatic resolution of security findings for Azure AD tenants and selected subscriptions.


To connect an Azure tenant and subscription, you will be directed to run a PowerShell script that does the following:

  • Creates an Azure AD application
  • Generates Azure AD application credentials
  • Grants administrative consent for required Azure AD permissions
  • Transmits created credentials to ThreatKey and associates it with your ThreatKey Organization
  • Grants roles to a specified Azure Subscription

We do not obfuscate this PowerShell script and changes undergo code review from experienced PowerShell programmers. Feel free to download the script directly.


Our Azure connections currently support the ReadOnly and ReadWrite permission sets, which currently map to the following permissions:

  • ReadOnly
    • Azure AD
      • Directory.Read.All
      • Policy.Read.All
      • User.Read.All (for personal accounts)
      • Application.Read.All (for personal accounts)
    • Azure RBAC
      • Reader
      • Security Reader
  • ReadWrite (TBD)
    • Azure AD
      • Directory.Read.All
    • Azure RBAC
      • Contributor

The listed permission set may periodically and temporarily get out of sync of our documentation. For the latest permission sets, please reference the PowerShell script.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us