Getting started

Connecting your Azure tenant

Register the AzureProof app and grant the read-only permissions we need.

AzureProof needs a service principal in your tenant with read-only access to the resources it will inspect.

Required permissions

  • Microsoft Graph: Directory.Read.All
  • Azure Resource Manager: Reader on each subscription
  • Microsoft Defender for Cloud: Security Reader

Suggested CLI

az ad sp create-for-rbac \
  --name "azureproof-readonly" \
  --role "Reader" \
  --scopes /subscriptions/<sub-id>
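
The suggested command assigns only Reader on one subscription, so after finishing setup it is worth confirming that the service principal holds exactly the read-only roles listed above and nothing broader. The following check is an added example, not AzureProof's own code: it audits the parsed JSON output of `az role assignment list --assignee <app-id> --all -o json`. The subscription IDs, the sample assignments and the assumption that Security Reader is granted at subscription scope are all constructed for illustration.

```python
import re

# Azure RBAC roles the page lists (Directory.Read.All is a Graph permission, not an RBAC role).
ALLOWED_ROLES = {"Reader", "Security Reader"}
SUB_SCOPE = re.compile(r"^/subscriptions/([0-9a-f-]{36})$", re.IGNORECASE)

# Constructed sample, shaped like the parsed output of
# `az role assignment list --assignee <app-id> --all -o json` (load real output with json.load).
SUB_A = "11111111-1111-1111-1111-111111111111"
SUB_B = "22222222-2222-2222-2222-222222222222"
SAMPLE = [
    {"roleDefinitionName": "Reader", "scope": f"/subscriptions/{SUB_A}"},
    {"roleDefinitionName": "Security Reader", "scope": f"/subscriptions/{SUB_A}"},
    {"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SUB_B}/resourceGroups/rg-app"},
    {"roleDefinitionName": "Reader",
     "scope": "/providers/Microsoft.Management/managementGroups/constructed-mg"},
]


def audit_assignments(assignments, expected_subs):
    """Return findings; an empty list means the principal matches the documented read-only set."""
    expected = {s.lower() for s in expected_subs}
    findings, reader_subs = [], set()
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        m = SUB_SCOPE.match(scope)
        if role not in ALLOWED_ROLES:
            findings.append(f"unexpected role {role!r} at {scope}")
        elif m is None:
            # Management-group or root scopes are inherited by every subscription beneath them.
            findings.append(f"{role!r} at non-subscription scope {scope}")
        elif m.group(1).lower() not in expected:
            findings.append(f"{role!r} on subscription not in the expected list: {scope}")
        elif role == "Reader":
            reader_subs.add(m.group(1).lower())
    # Every subscription to be inspected needs its own Reader assignment.
    for sub in sorted(expected - reader_subs):
        findings.append(f"missing 'Reader' on /subscriptions/{sub}")
    return findings


if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE, [SUB_A, SUB_B]):
        print("FINDING:", finding)
```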