Create an Azure App Registration with the required Microsoft Graph permissions and RBAC roles so AiStrike can collect Azure infrastructure posture, Defender alerts, and identity/audit telemetry. Setup is available via the Azure Portal or Terraform.
Prerequisites
The person creating the app registration needs, at the subscription or management-group level:
-
Global Administrator
-
User Access Administrator (or higher) at the Management Group level
Step 1: Create an App Registration
-
Sign in to the Azure Portal with an account that has the required permissions.
-
Go to Microsoft Entra ID > App registrations > New registration.
-
Enter a name (e.g.
AiStrikeAppRegistration), choose Single tenant or Multi-tenant, and click Register.
Step 2: Assign API permissions
Open the App Registration, go to API Permissions > Add a permission > Microsoft Graph > Application permissions, and add:
-
Application.Read.All, Directory.Read.All, EntitlementManagement.Read.All, RoleManagement.Read.All, User.Read.All
-
SecurityEvents.Read.All, SecurityAlert.Read.All, SecurityIncident.Read.All, IdentityRiskEvent.Read.All
-
Reports.Read.All, AuditLog.Read.All, MailboxSettings.Read, Sites.Read.All, Files.Read.All
To collect vulnerability information, go to API Permissions > APIs my organization uses > WindowsDefenderATP > Application permissions and add: Vulnerability.Read.All, Machine.Read.All, Software.Read.All, Alert.Read.All.
Then click Grant admin consent and confirm. All permissions should show Granted for <Tenant Name>.
Step 3: Assign roles at the Management Group level
-
Go to Management Groups and select the top-level management group.
-
Open Access management (IAM) > Add role assignment, select the app registration under Members, and assign:
-
Reader — read-only access to resources in subscriptions under the management group.
-
Security Reader — required to read Microsoft Defender for Cloud alerts.
Click Review and assign and validate under the Role assignments tab.
Step 4: Generate a client secret
-
Go to Certificates & secrets > New client secret.
-
Enter a description (e.g.
AiStrikeAppSecret) and an expiration period, then click Add. -
Copy the Value immediately — it won't be visible later.
Step 5: Retrieve application details
From the App Registration Overview page, note the Application (client) ID and Directory (tenant) ID. Via CLI:
az ad app list --display-name "AiStrikeAppRegistration" --query "[0].appId" -o tsv
az account show --query tenantId -o tsv
Terraform option
To automate app registration, permission assignment, RBAC roles, and secret generation, apply the AiStrike Azure onboarding module:
provider "azurerm" {
features {}
subscription_id = "12345678-1234-1234-1234-123456789abc"
}
module "aistrike_app" {
source = "https://aistrike-terraform-modules.s3.us-east-1.amazonaws.com/azure-onboarding.zip"
# Pass either management_group_ids or subscription_ids
subscription_ids = ["12345678-1234-1234-1234-123456789abc"]
}
output "client_id" { value = module.aistrike_app.client_id }
output "client_secret" { value = module.aistrike_app.client_secret }
output "tenant_id" { value = module.aistrike_app.tenant_id }
Ensure admin consent is granted after applying the script. The Client ID and Client Secret are shown in the Terraform output.
Connector configuration
Add the Client ID, Client Secret, and Tenant ID to the AiStrike Integrations connector. On success, your Azure environment begins populating in Inventory within a few hours, and future Microsoft Defender and security-service alerts flow into AiStrike per the configured permissions.