Microsoft Entra ID (formerly Azure AD)

Sync users and groups from Microsoft Entra ID. Also pulls device inventory, MFA coverage, and app credential expiration via the discovery service.

Source connector

Source connector — pulls identity and access data from Microsoft Entra ID (formerly Azure AD) into ComplianceScout where it is scored against your compliance frameworks and violation rules.

What ComplianceScout collects

After a successful sync, the following data is available in your ComplianceScout dashboard for violation detection and reporting.

  • All Entra ID user accounts with profile, status, and MFA registration details
  • Group and role memberships including Privileged Identity Management assignments
  • Conditional Access policies and their enforcement state
  • Entra ID sign-in and audit logs for recent authentication events
  • Registered MFA methods per user (Authenticator app, FIDO2, phone, email)
  • Guest and external user accounts with invitation and redemption status

Required credentials

These fields are collected when you add the connector in the ComplianceScout dashboard. Secrets are encrypted at rest using AES-256-GCM and are never logged.

| Field | Type | Required | Notes |
|---|---|---|---|
| Tenant ID | Text | Required | |
| Client ID | Text | Required | |
| Client secret | Secret | Required | |
| Microsoft 365 environment | Select | Optional | Options: Commercial (default) · GCC-High (graph.microsoft.us) |
| Stale account threshold (days) | Text | Optional | Used by stale-account detection. Accounts with no sign-in in this many days are flagged. Default 90. |
| Include Guest users in MFA coverage | Select | Optional | Options: No — exclude Guest users (default) · Yes — include Guest users |
| MFA exclude patterns (glob, comma-separated) | Text | Optional | UPN patterns to exclude from the MFA coverage denominator. Default: svc_*,service-*,breakglass*,admin-emergency* |
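
The sketch below is an added example, not ComplianceScout's own code. It shows how the default MFA exclude patterns and the Guest option change the coverage denominator, and which accounts drop out of the figure. The function names, the sample accounts, and the matching rules (whole UPN, case-insensitive) are assumptions.

```python
from fnmatch import fnmatchcase

# Default exclude patterns as listed in the credentials table.
DEFAULT_EXCLUDES = "svc_*,service-*,breakglass*,admin-emergency*"

# Constructed sample accounts (not real data): UPN, user type, MFA registered.
ACCOUNTS = [
    {"upn": "alice@contoso.example", "type": "Member", "mfa": True},
    {"upn": "bob@contoso.example", "type": "Member", "mfa": False},
    {"upn": "svc_backup@contoso.example", "type": "Member", "mfa": False},
    {"upn": "BreakGlass01@contoso.example", "type": "Member", "mfa": False},
    # A human account that happens to start with "service-".
    {"upn": "service-desk.lead@contoso.example", "type": "Member", "mfa": False},
    {"upn": "pat_partner.example#EXT#@contoso.example", "type": "Guest", "mfa": False},
]


def parse_patterns(raw):
    """Split the comma-separated field into lower-cased glob patterns."""
    return [p.strip().lower() for p in raw.split(",") if p.strip()]


def is_excluded(upn, patterns):
    # Assumption: each glob is matched against the whole UPN, ignoring case.
    return any(fnmatchcase(upn.lower(), p) for p in patterns)


def mfa_coverage(accounts, raw_patterns=DEFAULT_EXCLUDES, include_guests=False):
    """Return (coverage percent, UPNs removed from the denominator by a glob)."""
    patterns = parse_patterns(raw_patterns)
    counted, excluded = [], []
    for acct in accounts:
        if acct["type"] == "Guest" and not include_guests:
            continue  # Guests are left out of the denominator by default
        target = excluded if is_excluded(acct["upn"], patterns) else counted
        target.append(acct)
    covered = sum(1 for a in counted if a["mfa"])
    pct = round(100 * covered / len(counted), 1) if counted else 0.0
    return pct, [a["upn"] for a in excluded]


if __name__ == "__main__":
    for label, kwargs in [("defaults", {}),
                          ("guests included", {"include_guests": True}),
                          ("no exclusions", {"raw_patterns": ""})]:
        pct, dropped = mfa_coverage(ACCOUNTS, **kwargs)
        print(f"{label}: {pct}% covered, excluded={dropped}")
```

In the constructed data, the `service-*` prefix also removes a human account (`service-desk.lead`) from the denominator, so review the excluded list whenever the patterns change.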

How to set up this connector

Follow these steps to gather the credentials above and connect Microsoft Entra ID (formerly Azure AD) to ComplianceScout.

  1. In the Azure Portal, navigate to Microsoft Entra ID → App registrations → New registration. Name it "ComplianceScout" and leave the redirect URI blank.

  2. After creating the registration, go to Certificates & secrets → New client secret. Set a 24-month expiry, click Add, and copy the secret value immediately.

  3. Copy the Application (client) ID and Directory (tenant) ID from the app registration Overview page.

  4. Go to API permissions → Add a permission → Microsoft Graph → Application permissions. Add: User.Read.All, Group.Read.All, Directory.Read.All, AuditLog.Read.All, Policy.Read.All. Click Grant admin consent.

  5. In ComplianceScout, go to Data & Secrets → Integrations → Add Connector → Microsoft Entra ID, enter the Tenant ID, Client ID, and Client Secret, then click Test and Save.
