Azure AD / Entra ID

Scraper

Mission Control integrates with Azure Active Directory (Entra ID) to provide visibility into your identity infrastructure.



Use cases:

  • Discover users, groups, and their memberships across your tenant
  • Track app registrations and enterprise applications
  • Monitor service principal configurations and permissions
  • Audit app role assignments and authentication methods
  • Correlate identity resources with Azure subscriptions and Kubernetes RBAC

Discover and track Azure AD resources in the catalog.

What You Can Scrape

  • Users: All user accounts with their profile information
  • Groups: Security and Microsoft 365 groups with membership
  • App Registrations: Applications registered in your tenant
  • Enterprise Applications: Service principals and their configurations
  • App Role Assignments: Who has access to which applications

Example

azure-ad-scraper.yaml

    apiVersion: configs.flanksource.com/v1
    kind: ScrapeConfig
    metadata:
      name: azure-ad
    spec:
      schedule: "@every 1h"
      azure:
        - tenantID: your-tenant-id
          clientID:
            valueFrom:
              secretKeyRef:
                name: azure-credentials
                key: client-id
          clientSecret:
            valueFrom:
              secretKeyRef:
                name: azure-credentials
                key: client-secret
          activeDirectory:
            users: true
            groups: true
            appRegistrations: true
            enterpriseApplications: true

Prerequisites

To scrape Azure AD resources, your service principal needs the following Microsoft Graph API permissions:

  • User.Read.All - Read user profiles
  • Group.Read.All - Read groups and memberships
  • Application.Read.All - Read app registrations
  • Directory.Read.All - Read directory data
