Required accounts and permissions for an Azure AD scan
To perform an Azure Active directory (AAD scan), configure the process and scan accounts.
Process account
The Process account executes the scan process on the selected collector. This account must have local administrative rights and interactive log in privileges on the collector. SolarWinds recommends leaving the input blank. ARM will use the service account from the base configuration.
Scan account
The Scan account performs the scan. Register an app in the Azure Portal and use the generated App ID and the Client Secret Value for the credentials. See Prepare the Microsoft/Office 365 integration for instructions.