Required accounts and permissions for an Azure AD scan

To perform an Azure AD scan, you must configure two accounts:

Process Account

The "Process account" is used to execute the scan process on the selected collector. This account must have local administrative rights and interactive logon privileges on the collector. Recommended: You can leave the input blank and ARM will use the service account from the base configuration.

Scan Account

The "scan account" is used for the actual scan. As described in the "Prepare Microsoft365 integration" chapter, you need to register an app in the Azure portal and use the generated App ID and the Client Secret Value as credentials.

Search SolarWinds Support

Required accounts and permissions for an Azure AD scan

Process Account

Scan Account