---

title: Microsoft Azure description: Configure Microsoft Azure integration for automatic compliance monitoring in Tidal Control sidebar_position: 2

Microsoft Azure

Configuring Azure integration

The Microsoft Azure integration enables Tidal Control to automatically execute compliance tests on your Azure environment and Entra ID configuration.

Requirements:

• Super User role in Tidal Control
• Entra ID app registration rights
• Azure subscription access for role assignments

Configuration methods

App integration (recommended)

Benefits of app integration:

• Faster and simpler - Fewer manual steps and configuration
• Less error-prone - Automatic permissions setup
• No credential management - Tidal manages authentication automatically

Setup process:

1. Go to Settings → Integrations in Tidal Control
2. Click Microsoft Azure tile
3. Select "App integration (recommended)"
4. Click "Click here to begin"
5. Log in via Azure portal when redirected
6. Review permissions and click "Accept"

Service Principal

When to use service principal:

• Full control over app registration and permissions required
• Organisation security policy doesn't allow external app integrations
• Custom credential management desired

Service principal disadvantages:

• More configuration steps and higher chance of errors
• Manual credential management (expiration tracking)
• Risk of incomplete permissions causing test failures

Service principal configuration:

The goal of these steps is to create a service principal in Azure and collect the required values to enter into Tidal later. Note the following values during configuration:

• Tenant ID
• Client ID
• Client Secret
• Integration name

Azure app registration:

1. Go to Azure portal → Entra ID → App registrations
2. Click "New registration"
   • Name: Tidal Control - Integration
   • Account types: Single tenant
3. Note Application (client) ID (save for Tidal configuration)
4. Note Directory (tenant) ID (save for Tidal configuration)

Generate client secret:

1. Go to "Certificates & secrets"
2. Click "New client secret"
   • Description: Tidal Control - Integration
   • Expires: 12 months
3. Click "Add"
4. Note secret value immediately (no longer visible after leaving page)

Configure API permissions:

1. Go to "API permissions" → "Add a permission"
2. Select Microsoft Graph → Application permissions
3. Add all permissions:
   • Directory.Read.All
   • User.Read.All
   • Device.Read.All
   • Application.Read.All
   • DeviceManagementManagedDevices.Read.All
   • GroupMember.Read.All
   • Group.Read.All
   • Organization.Read.All
   • Policy.Read.All
4. Click "Grant admin consent" for your tenant

Complete integration in Tidal:

1. Go to Settings → Integrations → Microsoft Azure
2. Select "Service Principal"
3. Fill in noted values:
   • Name: Recognisable name for the integration
   • Tenant ID: Directory (tenant) ID from Azure
   • Client ID: Application (client) ID from Azure
   • Client Secret: The created client secret

Azure subscription access

Assign Reader role per subscription:

For each Azure subscription you want to monitor:

1. Azure portal → Subscriptions → [Select subscription]
2. Access control (IAM) → Add role assignment
3. Select "Reader" role
4. Search for your Tidal integration (name you used in step 1)
5. Select integration and click "Assign"

Integration verification in Tidal

Check successful configuration:

• Settings → Integrations shows "Connected" status for Azure
• Test refresh delivers results without (authentication) errors

Troubleshooting issues:

• Verify all credentials are correctly entered
• Check admin consent has been granted for API permissions
• Confirm Reader role is assigned to relevant subscriptions

Still having trouble?

Send an email to support@tidalcontrol.com, and we'll get in touch as soon as possible.