# Azure Services

{% hint style="warning" %}
This feature is in Early Release/BETA. Please contact your Epiphany Systems support or sales contact to learn more.
{% endhint %}

{% hint style="warning" %}
This document is under construction. Please excuse our dust.
{% endhint %}

## About This Document

Epiphany Intelligence Platform requires a Microsoft Azure Active Directory (Azure AD) user account assigned to the role of **Workstation & Server admin** to collect and ingest information about Azure AD resources. This document describes the process for adding this user, assigning the role, and providing the credentials in the Epiphany portal.

## Overview

Epiphany leverages Azure AD to establish permissions boundaries and actual privilege usage. Where other tools require agents, which are more invasive and risk causing system instability, Epiphany can use session and group enumeration data from Azure AD and other sources to provide a qualitative assessment of risk.

Azure AD is Microsoft’s enterprise cloud-based identity and access management (IAM) solution. Azure AD is the backbone of the Office 365 system, and it can sync with on-premises [Active Directory](https://www.varonis.com/blog/what-is-active-directory/) and provide authentication to other cloud-based systems via OAuth.

Azure AD leverages concepts similar to traditional on-premises Active Directory (AD) such as:

* Domain names (similar to tenant or organizational IDs in Azure AD).
* User names (similar to service principal names, or SPNs).
* Passwords (similar to application secrets).

Roles are associated with SPNs in the same way that privileges are associated with users, groups, and other objects in traditional on-premises AD. For Epiphany to gather data and perform analysis, an account with global reader privileges is required.

## Version Compatibility

* Epiphany Collector version 1.0 or later.

## Prerequisites

* Azure AD portal access with an account that has permissions to create application registrations.

## What is Needed for Integration

* The tenant ID for the Azure AD domain being integrated (also referenced as the organization ID in multi-tenant implementations of Azure AD).
* An application ID with the role of global reader.
* The application secret for the aforementioned application ID.
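
A pre-flight check for the three values listed above, added here as an example (it is not Epiphany's code). It assumes the Microsoft identity platform v2.0 client-credentials token endpoint and the Microsoft Graph `.default` scope; the function names and sample values are constructed for illustration.

```python
import re
import urllib.parse
import urllib.request

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Assumption: standard Microsoft identity platform v2.0 token endpoint.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# Constructed sample values, not real identifiers or credentials.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_APP = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_SECRET = "constructed~secret.Value_123"


def preflight(tenant_id, app_id, app_secret):
    """Return a list of problems found in the three integration values."""
    problems = []
    if not GUID.fullmatch(tenant_id):
        problems.append("tenant ID is not a GUID")
    if not GUID.fullmatch(app_id):
        problems.append("application ID is not a GUID")
    secret = app_secret.strip()
    if not secret:
        problems.append("application secret is empty")
    elif GUID.fullmatch(secret):
        # The Azure portal lists a GUID "Secret ID" beside the secret "Value";
        # only the Value authenticates the application.
        problems.append("application secret looks like a Secret ID, not the secret Value")
    if secret and secret != app_secret:
        problems.append("application secret has leading or trailing whitespace")
    return problems


def build_token_request(tenant_id, app_id, app_secret):
    """Build (without sending) the OAuth 2.0 client-credentials token request."""
    problems = preflight(tenant_id, app_id, app_secret)
    if problems:
        raise ValueError("; ".join(problems))
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": app_id,
        "client_secret": app_secret,
        # Assumption: the integration reads directory data via Microsoft Graph.
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    url = TOKEN_URL.format(tenant=tenant_id)
    return urllib.request.Request(url, data=body, method="POST")
```

Passing the returned request to `urllib.request.urlopen` performs the actual token exchange; a successful response confirms the tenant ID, application ID, and secret belong together before they are entered in the portal.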
