LogoLogo
User GuideDeveloper DocumentationIntegrationsRelease Notes
  • 🏠Veza Documentation
  • ☑️Getting Started
  • 📖Veza Glossary
  • ❓Product FAQ
  • 🛡️Security FAQ
    • Advanced Security FAQ
  • Release Notes
    • 🗒️Release Notes
      • Release Notes: 2025-04-30
      • Release Notes: 2025-04-16
      • Release Notes: 2025-04-02
      • Release Notes: 2025-03-19
      • Archive
        • 2024.9.23
        • 2024.9.16
        • 2024.9.9
        • 2024.9.2
        • 2024.8.26
        • 2024.8.19
        • 2024.8.12
        • 2024.8.5
        • 2024.7.29
        • 2024.7.22
        • 2024.7.15
        • 2024.7.1
        • 2024.6.24
        • 2024.6.17
        • 2024.6.10
        • 2024.6.3
        • 2024.5.27
        • 2024.5.20
        • 2024.5.13
        • 2024.5.6
        • 2024.4.29
        • 2024.4.22
        • 2024.4.15
        • 2024.4.8
        • 2024.4.1
        • 2024.3.25
        • 2024.3.18
        • 2024.3.11
        • 2024.3.4
        • 2024.2.26
        • 2024.2.19
        • 2024.2.12
        • 2024.2.5
        • 2024.1.29
        • 2024.1.22
        • 2024.1.15
        • 2024.1.8
        • 2024.1.1
        • 2023.12.18
        • 2023.12.11
        • 2023.12.4
        • 2023.11.27
        • 2023.11.20
        • 2023.11.13
        • 2023.11.6
        • 2023.10.30
        • 2023.10.23
        • 2023.10.16
        • 2023.10.9
        • 2023.10.2
        • 2023.9.25
        • 2023.9.18
        • 2023.9.11
        • 2023.9.4
        • 2023.8.28
        • 2023.8.21
        • 2023.8.14
        • 2023.8.7
        • 2023.7.31
        • 2023.7.24
        • 2023.7.17
        • 2023.7.10
        • 2023.7.3
        • 2023.6.26
        • 2023.6.19
        • 2023.6.12
        • 2023.6.5
        • 2023.5.29
        • 2023.5.22
        • 2023.5.15
        • 2023.5.8
        • 2023.5.1
        • 2023.4.24
        • 2023.4.17
        • 2023.4.10
        • 2023.4.3
        • 2023.3.27
        • 2023.3.20
        • 2023.3.13
        • 2023.3.6
        • 2023.2.27
        • 2023.2.20
        • 2023.2.13
        • 2023.2.6
        • 2023.1.30
        • 2023.1.23
        • 2023.1.16
        • 2023.1.9
        • 2023.1.2
        • 2022.12.12
        • 2022.12.5
        • 2022.11.28
        • 2022.11.14
        • 2022.11.7
        • 2022.10.31
        • 2022.10.24
        • 2022.10.17
        • 2022.10.1
        • 2022.6.2
        • 2022.6.1
        • 2022.5.1
        • 2022.4.1
        • 2022.3.1
  • Features
    • 🔎Access Visibility
      • Graph
      • Query Builder
      • Saved Queries
      • Filters
      • Query Mode
      • Intermediate Entities
      • Regular Expressions
      • Tags
      • Tagged Entity Search
      • Assumed AWS IAM Roles
      • Veza Query Language
        • Quick Start
        • Syntax
        • VQL API
    • 💡Access Intelligence
      • Overview
      • Dashboards
        • Reports
        • Scheduled Exports of Query Results via a Secure Email Link
      • Risks
      • Analyze
      • Compare
      • Rules and Alerts
      • Entities
      • NHI Identify Classification Logic
      • NHI Secrets
    • 🔏Access Reviews
      • Get Started: Access Reviewers
      • Get Started: Review Operators
      • Access Review Tasks
        • Assign Reviewers
        • Create a Configuration
        • Create a Review
        • Draft Reviews
        • Edit a Configuration
        • Filters and Bulk Actions
        • Manage Access Reviews
        • Using the Reviewer Interface
        • Row Grouping for Access Reviews
        • Schedule an Access Review
      • Access Review Configuration
        • Access Reviews Query Builder
        • Access Reviews Global Settings
        • Configuring a Global Identity Provider
          • Alternate Manager Lookup
        • Customizing Default Columns
        • Email Notifications and Reminders
        • Identity Provider and HRIS Enrichment
        • Managers and Resource Owners
        • Multi-Level Review
        • 1-Step Access Reviews
        • On-Demand Reviews
        • Veza Actions for Access Reviews
        • Review Intelligence Policies
        • Review Presentation Options
        • Reviewer Selection Methods
        • Reviewer Digest Notifications
      • Access Review Scenarios
        • Access Reviews: Active Directory Security Groups
        • Access Reviews: Okta App Assignments
        • Access Reviews: Okta Group Membership
        • Access Reviews: Okta Admin Roles
        • Access Reviews: Azure AD Roles
        • Access Reviews with Saved Queries
        • Source-Only Access Reviews
    • 📊Access Monitoring
    • 🔄Lifecycle Management
      • Implementation and Core Concepts
      • Access Profiles
      • Policies
      • Conditions and Actions
      • Attribute Sync and Transformers
        • Lookup Tables
      • Integrations
        • Active Directory
        • Exchange Server
        • Okta
        • Salesforce
        • Workday
    • ⚖️Separation of Duties (SoD)
      • Managing SoD Risks with Veza
      • Creating SoD Detection Queries
      • Analyzing Separation of Duties Query Results
      • Example Separation of Duties Queries
      • SoD Manager Assignment
      • Access Reviews for SoD
  • Integrations
    • ✨Veza Integrations
      • Adobe Enterprise
      • Amazon Web Services
        • Add Existing AWS Accounts
        • Automatically Add New AWS Accounts
        • AWS DynamoDB
        • AWS KMS
        • AWS RDS MySQL
        • AWS RDS PostgreSQL
        • AWS Redshift
        • Activity Monitoring for AWS
        • Using AWS Secrets Manager for RDS Extraction
        • Notes & Supported Entities
      • Anaplan
      • Atlassian Cloud Products
      • Auth0
      • BambooHR
      • Bitbucket Data Center
      • BlackLine
      • Beeline
      • Boomi
      • Box
      • Bullhorn
      • Cassandra
      • Cisco Duo
      • Clickhouse
      • Concur
      • Confluence Server
      • Confluent
      • Coupa
      • Coupa Contingent Workforce
      • Crowdstrike Falcon
      • CSV Upload
        • CSV Upload Examples
        • CSV Upload Troubleshooting
        • CSV Upload API
      • Databricks (Single Workspace)
      • Databricks (Unity Catalog)
      • Delinea Secret Server
      • Device42
      • DocuSign
      • Dropbox
      • Egnyte
      • Expensify
      • Exchange Online (Microsoft 365)
      • Fastly
      • Google Cloud
        • Check Google Cloud Permissions
        • Notes & Supported Entities
      • Google Drive
      • GitHub
      • GitLab
      • HashiCorp Vault
      • HiBob
      • Hubspot
      • IBM Aspera
      • iManage
      • Ivanti Neurons
      • Jamf Pro
      • Jenkins
      • JFrog Artifactory
      • Jira Data Center
      • Kubernetes
      • LastPass
      • Looker
      • MongoDB
      • Microsoft Active Directory
      • Microsoft Azure
        • Azure SQL Database
        • Azure PostgreSQL Database
        • Microsoft Dynamics 365 CRM
        • Microsoft Dynamics 365 ERP
        • Notes & Supported Entities
      • Microsoft Azure AD
      • Microsoft SharePoint Online
      • Microsoft SharePoint Server
      • Microsoft SQL Server
      • MuleSoft
      • MySQL
      • NetSuite
      • New Relic
      • Okta
        • Okta MFA status
      • OneLogin
      • OpenAI
      • Oracle Cloud Infrastructure
      • Oracle Database
      • Oracle Database (AWS RDS)
      • Oracle E-Business Suite (EBS)
      • Oracle EPM
      • Oracle Fusion Cloud
      • Oracle JD Edwards EnterpriseOne
      • PagerDuty
      • Palo Alto Networks SASE/Prisma Access
      • PingOne
      • PostgreSQL
      • Power BI
      • Privacera
      • PTC Windchill
      • Qualys
      • QNXT
      • Ramp
      • Redis Cloud
      • Rollbar
      • Salesforce
      • Salesforce Commerce Cloud
      • SCIM integration
      • ServiceNow
      • Slack
      • Smartsheet
      • Snowflake
        • Snowflake Native Application
        • Snowflake Masking Policies
        • Exporting Saved Query Results to Snowflake
        • Audit Log Export
        • Event Export
      • Solarwinds
      • Spotio
      • Sumo Logic
      • Tableau Cloud
      • Teleport
      • Terraform
      • ThoughtSpot
      • Trello
      • Trino (PrestoSQL)
      • UKGPro
      • Veza
      • Windows Server
        • Enterprise Deployment
      • Workato
      • Workday
      • YouTrack
      • Zendesk
      • Zip
      • Zoom
      • Zscaler
      • 1Password
    • 🎯Integrations Overview
    • ⚠️Prerequisites and Connectivity
      • Insight Point
        • Deploying an Insight Point using the install script
        • Deploy with AWS EC2
        • Deploy with Virtual Appliance
          • Deploy with Virtual Appliance (Legacy)
        • Deploy with Azure Container Instances
        • Insight Point (Helm Chart)
      • Certificates with OpenSSL
    • ⚙️Configuring Integrations
      • Integrations FAQ
      • Extraction and Discovery Intervals
      • Custom Identity Mappings
      • Limiting Extractions
      • Enrichment Rules
      • ℹ️Running Veza Scripts with Python
  • Administration
    • 🛠️Veza Administration
      • Securing Your Veza Tenant
      • Veza Actions
        • Slack
        • ServiceNow
        • Jira
        • Webhooks
      • Virtual Private Veza
      • System Events
      • Sign-In Settings
        • Single Sign-On with Okta
        • Single Sign-On with Okta (OIDC)
        • Single Sign-On with Microsoft Entra
      • User Management
        • Multi-factor Authentication
        • Team Management
        • Support User Access
  • Developers
    • 🌐Veza APIs
      • Authentication
      • Troubleshooting
      • Pagination
      • Open Authorization API
        • Getting Started
        • Core Concepts
          • Connector Requirements
          • Using OAA Templates
          • Providers, Data Sources, Names and Types
          • Sourcing and Extracting Metadata
          • Naming and Identifying OAA Entities
          • Modeling Users, Permissions, and Roles
          • Custom Properties
          • Tagging with OAA
          • Cross Service IdP Connections
          • Incremental Updates
        • OAA Push API
          • OAA Operations
        • OAA Templates
          • Custom Application
          • Custom Identity Provider
          • Custom HRIS Provider
        • OAA .NET SDK
          • C# OAA Application Connector
        • OAA Python SDK
          • Application Outline
          • oaaclient modules
            • Client
            • Structures
            • Templates
            • Utils
        • Sample Apps
        • Example Connectors
      • Integration APIs
        • Enable/Disable Providers
        • Cloud Platforms and Data Providers
        • Identity Providers
        • Data Sources
        • Sync and Parse Status
      • Query APIs
        • Quick Start
        • Query Builder Terminology
        • Query Builder Parameters
        • Query Builder Results
        • List saved queries
        • Save a query
        • Get a saved query
        • Update a query
        • Delete a query
        • Get query node destinations
        • Get query nodes
        • Get query result
        • Get query spec node destinations
        • Get query spec nodes
        • Get query spec results
        • Private APIs
          • Get Access Relationship
          • Role Existence
          • Role Maintenance
          • Cohort Role Analysis
        • Tags
          • Create, Add, Remove Tag
          • Promoted Tags
      • Access Reviews APIs
        • Workflow Parameters Reference
        • List Workflows
        • List Certifications
        • List Certification Results
        • Update Certification Result
        • Force Update Result
        • Update Webhook Info
        • Get Certification Result
        • Manage Reviewer Deny List
        • Quick Filters
        • Help Page Templates
        • Smart Action Definitions
        • Delegate Reviewers
        • List Reviewer Infos
        • Get Access Graph
        • Automations API
        • Global Settings APIs
      • System Audit Logs
      • System Events
      • Notification Templates
        • Notification Templates API
      • Team and User Management APIs
        • Team API Keys
      • SCIM Provisioning
        • SCIM API Reference
        • SCIM Provisioning with Okta
  • Product Updates
    • 🆕Product Updates
      • Product Update: March'25
      • Product Update: February'25
      • UX Update - Integration Management
      • Product Update: January'25
      • Product Update: December'24
      • Product Update: November'24
      • Product Update: October'24
      • Product Update: September'24
      • Product Update: August'24
      • UX Update: Veza Integrations
      • Product Update: July'24
      • Product Update: June'24
      • Product Update: May'24
      • Product Update: April'24
      • UX Update - Enhanced Reviewer Experience for Veza Access Reviews
      • Product Update: March'24
      • Product Update: February'24
      • Design Update: February'24
      • UX Update - New Navigation Experience
      • UX Update - Access Review Dashboards
      • Building Veza’s Platform and Products
      • Veza Product Update - Jan'24
      • Veza Product Update - 2H 2023
      • Veza Product Update - December'23
      • Veza Product Update - November'23
      • Veza Product Update - October'23
      • Veza Product Update - September'23
      • Veza Product Update - August'23
      • Veza Product Update - July'23
      • Veza Product Update - June'23
      • Veza Product Update - May'23
      • Veza Product Update - April'23
      • Veza Product Update - March'23
      • Veza Product Update - Feb'23
      • Veza Product Update - Jan'23
Powered by GitBook
On this page
  • Integrating with Microsoft Azure
  • Connecting to SharePoint
  • Custom Security Attributes
  • Enable Privileged Identity Management (PIM)
  • Enable Dynamics 365
  • Enable Microsoft Intune
  • Enable Microsoft Teams

Was this helpful?

Export as PDF
  1. Integrations
  2. Veza Integrations

Microsoft Azure

Configuring the Veza integration for Microsoft Azure

PreviousMicrosoft Active DirectoryNextAzure SQL Database

Last updated 1 day ago

Was this helpful?

Veza connects to Azure tenants using an App Registration granted read-only permissions for the Microsoft Graph API. You will need an app client ID, client secret, and the Azure tenant ID to enable the connection in Veza.

Adding an Azure tenant will parse all its services, including Azure AD as an Identity Provider (IdP), and Microsoft SharePoint Online as an additional data source.

See Notes & Supported Entities for more details and supported Microsoft services.

Integrating with Microsoft Azure

To integrate with Microsoft Azure, you will need to create an App Registration with read-only permissions for the services to discover. You will enter the App Registration's credentials when adding the Veza integration:

1. Register a new application for Veza

  1. From your Azure tenant profile, navigate to App Registrations > New Registration

  2. Name the new application (for example Veza Integration)

  3. Select Accounts in this organizational directory only (tenantname only - Single tenant), and click "Register" to save your changes.

2. Grant permissions for the new app

  1. With the new app registration selected, choose Manage > API Permissions and click "Add a Permission"

  2. Select Microsoft Graph. Click "Application Permissions" and add the permissions:

    • Application.Read.All

    • AuditLog.Read.All (Required to collect last login date for users)

    • CustomSecAttributeAssignment.Read.All (Required to gather custom security attributes)

    • DeviceManagementManagedDevices.Read.All (Required to collect Intune devices)

    • DeviceManagementRBAC.Read.All (Required to collect Intune roles)

    • Device.Read.All (Required to collect Entra ID devices)

    • Directory.Read.All

    • Files.Read.All

    • Group.Read.All

    • GroupMember.Read.All

    • IdentityRiskyUser.Read.All

    • PrivilegedAccess.Read.AzureAD (Required for PIM roles and groups)

    • Reports.Read.All (Required when connecting to SharePoint Online)

    • RoleManagement.Read.All (Required for PIM roles and groups)

    • Sites.Read.All

    • User.Read.All

  3. Enable "Grant Admin Consent" on the API permissions screen.

The delegated User.Read permission should be granted automatically. If it isn't present, add the permission from Add a Permission > Microsoft Graph > Delegated Permissions.

3. Enable SharePoint integration (optional)

Additional API permissions are required if you plan to connect to SharePoint Online. To grant read-only access for Veza, choose SharePoint on the app registration "Add a Permission" screen, and grant the application permissions:

  • User.Read.All

  • Sites.Read.All

The app registration will also need the Reports.Read.All Microsoft Graph permission from the previous step.

Enable audit log parsing for activity-based extraction

Audit log extraction for SharePoint is provided as an Early Access feature. Please contact your support team to enable this configuration option.

Enabling activity-based scheduling should help reduce lag between extractions, reducing the total time required to ingest large SharePoint environments. Please see below for the requirements and optional steps to enable:

    1. Go to https://compliance.microsoft.com and sign in. Click Audit.

    2. If auditing isn't enabled, a banner will prompt to Start recording user and admin activity.

    3. Click the banner to enable auditing, and wait for the changes to propogate.

      1. Set-AdminAuditLogConfig -UnifiedAuditLogIngestionEnabled $true

  1. The Enterprise App used by Veza must have ActivityFeed.Read permission on the Office 365 Management API:

  2. After you finish integrating the Azure tenant, enable audit log extraction under Veza Configuration → Cloud Providers. The audit log status column should update to show that extraction is enabled:

4. Generate a Client Secret

  1. From Certificates & Secrets, click "New Client Secret" and select an expiration date. Click "Add" to generate a new client secret value and ID.

  2. Copy the client secret Value, which you'll use to configure the integration within Veza.

5. Get the Application and Directory unique identifier

  1. Open the Overview screen for the new application. Copy the Application (client) ID.

  2. Copy the value for Directory (tenant) ID. You will need both values when adding the provider to Veza.

6. Assign the Reader role for the Veza app

  1. From the Azure Subscription, select Access control (IAM)

  2. Click on "+ Add" -> "Add role assignment"

  3. Select "Reader" as the role

  4. Select User, Group, or Service Principal" under Assign Access To

  5. Select or search for the Veza app, and assign it the "Reader" role

  6. (Optional) Assign the "Reader and Data Access" role to discover storage accounts and keys.

  7. Save your changes

(Optional) Assign the Cosmos DB Account Reader role

To discover Azure CosmosDB resources, assign the Cosmos DB Account Reader role to the Veza app:

  1. Navigate to your CosmosDB account in Azure Portal

  2. Select Access control (IAM)

  3. Click "+ Add" -> "Add role assignment"

  4. Select "Cosmos DB Account Reader" as the role

  5. Choose "User, Group, or Service Principal" under Assign access to

  6. Search for and select the Veza app

  7. Save the role assignment

7. Add Key Vault Permissions (Optional)

  1. On the Key Vaults services page, choose the vault Veza will discover.

  2. Select Access policies.

  3. Click + Create.

  4. Select List under Key Permissions, Secret permissions, and Certificate permissions.

  5. Click Next.

  6. Search and select the Veza app as the Authorized Application.

  7. Click Next, Next, and Create to save the policy.

8. Add the Azure tenant to Veza

After completing the steps above, you can add the credentials and enable discovery by navigating to Veza Integrations > Add Integration. Choose Azure as the Integration Type.

Field
Notes

Insight Point

Leave default unless using an Insight Point

Name

Friendly name for the account

Tenant ID

Azure tenant ID to discover

Application ID

App UUID

Client Secret Value

App client secret value

Auth Certificate

Optional certificate for connecting to SharePoint

Auth certificate password

Password for SharePoint certificate (optional)

Limit Azure services extracted

Choose individual services to discover (See below)

Domains

Comma-separated list of domains to discover, ignoring any others

Dynamics 365 CRM Environments

Optional list of Dynamics 365 CRM environments to discover, e.g. https://org50e57fbd.crm.dynamics.com.

Dynamics 365 ERP Environments

Optional list of Dynamics 365 ERP environments to discover, e.g. https://company.operations.dynamics.com.

Azure Gov Cloud

Azure Government Cloud region where the tenant is located (currently supported: "None," "US").

Extract PIM Eligibility

Optionally discover temporary role assumptions based on Privileged Identity Management scheduling rules.

Veza will gather metadata for all discovered Azure AD (Entra ID) domains for the tenant. Use the Domains list to only include the specified domains in the extraction.

Limit Services

Option
Details

Gather disabled users

Whether to include disabled users

Gather guest users

Whether to parse identity metadata for Azure AD Guest users

Gather personal sites

Whether to include personal SharePoint sites

Data source allow/deny lists

Indicate resources to ignore by name or *

Custom Properties

Troubleshooting

Connecting to SharePoint

Custom Security Attributes

To enable custom property extraction:

  1. Add or edit a new Azure cloud provider configuration.

  2. On the provider configuration modal, click + Add Custom Property.

  3. Provide the type and name of the custom property.

    1. For Azure AD, the name is the attribute name of the custom security attribute. The data type is a property of the custom security attribute (Boolean, Integer, or String).

    2. For example: (EngineeringCertification, Boolean), (MarketingLevel, String).

  4. Save the configuration. The custom attributes will be collected the next time the data source is parsed.

Enable Privileged Identity Management (PIM)

To enable PIM extraction:

  1. Ensure the required permissions are granted to the Veza app:

    • RoleManagement.Read.All

    • PrivilegedAccess.Read.AzureAD

    • Group.Read.All

  2. When configuring the Azure integration, set the "Extract PIM Eligibility" option to "Yes"

  3. Save the configuration. PIM assignments will be collected during the next extraction

Enable Dynamics 365

The Microsoft Azure integration includes optional support for Microsoft Dynamics 365. This integration allows Veza to discover connections between Azure AD Users, Groups, and Service Principals, and the permissions they can assume within Dynamics 365 environments.

Veza supports both Dynamics 365 CRM and Dynamics 365 ERP environments:

For full setup instructions and supported entities, see the specific integration guides.

Enable Microsoft Intune

The Microsoft Azure integration includes optional support for Intune, including Managed Devices and Role Definitions. Veza discovers and shows connections between Azure AD Users and Groups, and the Devices and Roles to which they are assigned in Intune.

In order to extract Intune, Veza requires the following Application Permissions for the Microsoft Graph API:

  • DeviceManagementManagedDevices.Read.All

  • DeviceManagementRBAC.Read.All

Enable Microsoft Teams

  • Team.ReadBasic.All

  • TeamMember.Read.All

  • Channel.ReadBasic.All

  • ChannelMember.Read.All

  • User.Read.All

For more information, see the .

Policy.Read.All (Used to evaluate policies)

For a complete overview and visual guide, see the official Azure documentation on .

When is enabled for an Azure tenant, Veza will gather audit logs using the Office 365 Management Activity API, and only connect to SharePoint Online for a full update when changes occur.

Auditing must be enabled in the

Alternatively, use the :

When adding permisions to , add the additional permission for the app registration: API permissions → Office 365 Management APIs → Application permissions → ActivityFeed.Read

For each Azure subscription to discover, you will need to add the new Veza app as a . If you don't have any subscriptions (as will be the case if only integrating with Azure AD as an identity provider), this step is optional.

This role provides the minimum required permissions to discover CosmosDB accounts, SQL role definitions, SQL role assignments, and databases. See for more details.

To connect to Azure Key Vault, a must grant the Veza app List permissions on Keys, Secrets, and Certificates. To create this policy:

Additional options on the "add provider" panel enable extracted:

Indicate to gather

If the initial connection fails with the status "Insufficient privileges to complete the operation," validate that the correct are granted, and are granted with the type application and not delegated.

You can connect to SharePoint Online by uploading a .PFX certificate generated for app-only access, and optionally providing a password for the certificate. For information about generating the certificate, please see the . You will also need to update the permissions granted the Veza app to include User.Read.All and Sites.Read.All, as outlined in the .

Veza can optionally gather and show on Azure AD objects. The custom properties to discover must be identified by name and type in the Azure tenant configuration.

An Azure AD Premium P1 or P2 license is to use Custom Attributes for Azure AD. The Enterprise Application used by Veza must have the CustomSecAttributeAssignment.Read.All Microsoft Graph permission.

If the custom properties are part of an , include the attribute set name as a prefix, for example <AttributeSetName>_<AttributeName>.

Veza supports Azure Privileged Identity Management (PIM) for both roles and groups. For more information about PIM support, see the .

- Customer relationship management environments (URLs such as https://orgXXXXXXX.crm.dynamics.com)

- Enterprise resource planning environments (URLs such as https://xxx.operations.dynamics.com)

To discover resources, including teams, channels, and relationships to external organization users, Veza requires the additional Graph API permissions:

✨
full instructions from Microsoft
Conditional Access
configuring client application access
Microsoft Purview compliance portal
Exchange Power Shell
Reader
Key Vault access policy
limits on the data sources and identities
Microsoft documentation
SharePoint setup instructions
custom security attributes
required
Attribute Set
Dynamics 365 CRM
Dynamics 365 ERP
Enable SharePoint integration (optional)
API Permissions
custom security attributes
Azure AD documentation
audit log extraction
Veza for Azure
Check that Admin Consent is granted
Adding additional SharePoint permissions
enabling audit log extraction
Mark down the client secret
Retrieving Azure IDs
Assigning the reader role
Key Vault permissions for the Veza enterprise app.
Azure CosmosDB Support
Microsoft Teams