# Azure AI Foundry — Pilot Permissions
Quick reference for the Azure permissions required to run a SecurityV0 pilot with the Azure AI Foundry connector. This covers Microsoft-only environments (no ServiceNow required).
For detailed setup instructions and full integration scope, see the connector-level CISO brief in the sv0-connectors repository.
## What You Need
One Entra app registration with the following roles and permissions:
### RBAC Roles (assigned in Azure Portal)
| Role | Scope | Required? | Purpose |
|---|---|---|---|
| Reader | Subscription(s) containing Foundry resources | Required | Discover AIServices accounts, projects, managed identities, ARM role assignments |
| Azure AI User | AIServices account(s) | Required | List AI agents, connections, execution evidence |
### Graph API Permissions (Application type, requires admin consent)
| Permission | Required? | Purpose |
|---|---|---|
| Application.Read.All | Required for full authority paths | Service principal details (credential types, account state) |
| Directory.Read.All | Required for full authority paths | Service principal owners (ownership validation) |
| User.Read.All | Required for full authority paths | Owner account status — detect when an owner's account has been disabled (e.g. departed employee) while the agent keeps running |
| AuditLog.Read.All | Optional (needs P1/P2 licence) | Sign-in timestamps (dormancy detection) |
Note on User.Read.All: Azure does not remove SP ownership when a user account is disabled. This permission allows a targeted lookup of each owner's account state to detect orphaned agents. Only users registered as technical owners are queried — the scan does not enumerate the user directory.
## Why Entra Permissions Matter (Even Without ServiceNow)
The Foundry connector discovers AI agents and their infrastructure. But complete authority path analysis requires Entra identity-plane data:
- Managed identity enrichment — each Foundry project uses a system-assigned managed identity. Graph API resolves its service principal details.
- Ownership resolution — the platform evaluates whether identities have active individual owners. Without Directory.Read.All + User.Read.All, ownership status cannot be fully validated (disabled owners appear active).
- Dormancy detection — sign-in timestamps determine if an identity is dormant. Without AuditLog.Read.All, dormancy cannot be assessed (non-blocking).
Without Graph permissions the connector still runs, but the platform cannot evaluate ownership or dormancy — the core exposure conditions.
## Minimal vs Recommended
| Level | Permissions | What works | What doesn't |
|---|---|---|---|
| Minimal | Reader + Azure AI User | Infrastructure discovery, agent listing, connection mapping | No ownership, no dormancy, no identity enrichment |
| Recommended | Minimal + Application.Read.All + Directory.Read.All + User.Read.All | Full authority paths, ownership evaluation (including disabled owner detection), exposure findings | No dormancy detection |
| Full | Recommended + AuditLog.Read.All | Everything including dormancy detection | Requires Azure AD P1/P2 licence |
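The following is an added example, not the connector's or SecurityV0's own code, showing how the ownership and dormancy checks described above degrade with each permission level in the table. The directory snapshot (users, service principals, sign-in timestamps) is constructed inline and loosely mimics the Graph objects the connector would read; the 90-day dormancy window, the IDs and the "no sign-in record means dormant" rule are assumptions, not values from this page.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Graph permission sets matching the Minimal / Recommended / Full levels.
MINIMAL = frozenset()
RECOMMENDED = frozenset({"Application.Read.All", "Directory.Read.All", "User.Read.All"})
FULL = RECOMMENDED | {"AuditLog.Read.All"}

# Assumed dormancy window; the page does not state a value.
DORMANCY_WINDOW = timedelta(days=90)
# Fixed "now" so the example is reproducible offline.
REFERENCE_NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)

# Constructed directory snapshot (placeholder IDs), shaped loosely like the
# Graph objects involved: servicePrincipal owners, user.accountEnabled and
# per-identity sign-in timestamps.
USERS = {
    "u-alice": {"accountEnabled": True},
    "u-bob": {"accountEnabled": False},  # departed employee, account disabled
}
SERVICE_PRINCIPALS = [
    {"id": "sp-proj-1", "displayName": "foundry-project-1", "owners": ["u-alice"]},
    {"id": "sp-proj-2", "displayName": "foundry-project-2", "owners": ["u-bob"]},
    {"id": "sp-proj-3", "displayName": "foundry-project-3", "owners": []},
]
LAST_SIGN_IN = {
    "sp-proj-1": datetime(2025, 1, 10, tzinfo=timezone.utc),
    "sp-proj-2": datetime(2024, 6, 1, tzinfo=timezone.utc),
    # sp-proj-3 has no sign-in record within the retained logs
}


@dataclass(frozen=True)
class Finding:
    sp_id: str
    ownership: str  # active_owner | orphaned | no_owner | not_assessed
    dormancy: str   # active | dormant | not_assessed


def ownership_status(sp, users, granted):
    """Directory.Read.All lists owners; User.Read.All checks each owner's account state."""
    if "Directory.Read.All" not in granted:
        return "not_assessed"
    owners = sp.get("owners", [])
    if not owners:
        return "no_owner"
    if "User.Read.All" not in granted:
        # Owners are known but their account state is not: a disabled owner
        # would wrongly look active, so do not claim the identity is owned.
        return "not_assessed"
    # Targeted lookups of the listed owners only; no directory-wide enumeration.
    if any(users.get(o, {}).get("accountEnabled", False) for o in owners):
        return "active_owner"
    return "orphaned"


def dormancy_status(sp_id, last_sign_in, granted, now):
    """AuditLog.Read.All is optional: without it dormancy is reported as not assessed."""
    if "AuditLog.Read.All" not in granted:
        return "not_assessed"
    ts = last_sign_in.get(sp_id)
    # Assumed policy: no sign-in within the retained logs counts as dormant.
    if ts is None or now - ts > DORMANCY_WINDOW:
        return "dormant"
    return "active"


def evaluate(sps, users, last_sign_in, granted, now=REFERENCE_NOW):
    """Return {service principal id: Finding} for the given granted permissions."""
    return {
        sp["id"]: Finding(sp["id"],
                          ownership_status(sp, users, granted),
                          dormancy_status(sp["id"], last_sign_in, granted, now))
        for sp in sps
    }


if __name__ == "__main__":
    for name, granted in (("minimal", MINIMAL), ("recommended", RECOMMENDED), ("full", FULL)):
        print(f"[{name}]")
        for f in evaluate(SERVICE_PRINCIPALS, USERS, LAST_SIGN_IN, granted).values():
            print(f"  {f.sp_id}: ownership={f.ownership} dormancy={f.dormancy}")
```

At the Minimal level every finding is `not_assessed`; at Recommended the disabled-owner case (`sp-proj-2`) is reported as `orphaned` while dormancy stays `not_assessed`; only at Full does `sp-proj-2` also show as `dormant`. The point of returning `not_assessed` rather than a default of "active" is that a missing permission should never make an orphaned or dormant identity look healthy.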
## Credentials
A single set of credentials covers all APIs:
```
AZURE_TENANT_ID=<directory-tenant-id>
AZURE_CLIENT_ID=<app-registration-client-id>
AZURE_CLIENT_SECRET=<client-secret>
```
No ServiceNow credentials, no additional service accounts, no inbound network access required.
## Setup Time
~15 minutes for an Azure admin:
- Create app registration + client secret (5 min)
- Assign Reader on subscription (2 min)
- Assign Azure AI User on AIServices account (2 min)
- Add Graph API permissions + admin consent (5 min)
- Share credentials via secure channel
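As an added example (not the connector's setup tooling, and not from the setup guide this page references), the steps above expressed as Azure CLI invocations that can be reviewed in dry-run mode before anything is executed. It assumes the Azure CLI (`az`) is installed and logged in as an admin with rights to assign roles and grant consent; the Microsoft Graph application ID and the four application-permission IDs are Microsoft's published values; the app name, subscription ID and AIServices account resource ID are placeholders.

```python
import shlex
import subprocess

MS_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"

# Microsoft Graph application-permission (app role) IDs, in the form that
# `az ad app permission add --api-permissions <id>=Role` expects.
GRAPH_APP_ROLE_IDS = {
    "Application.Read.All": "9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30",
    "Directory.Read.All": "7ab1d382-f21e-4acd-a863-ba3e13f7da61",
    "User.Read.All": "df021288-bdef-4463-88db-98f22de89214",
    "AuditLog.Read.All": "b0afded3-3588-46d8-8b3d-9842eff778da",
}

# Graph permissions per level, from the Minimal vs Recommended table.
LEVELS = {
    "minimal": (),
    "recommended": ("Application.Read.All", "Directory.Read.All", "User.Read.All"),
    "full": ("Application.Read.All", "Directory.Read.All", "User.Read.All", "AuditLog.Read.All"),
}


def az(*args):
    """Run one az command and return its trimmed stdout."""
    result = subprocess.run(["az", *args], check=True, capture_output=True, text=True)
    return result.stdout.strip()


def create_app(display_name):
    """Step 1: app registration, its service principal and a client secret.

    Not dry-runnable, because later steps need the new appId. The secret is
    returned once; hand it over via the secure channel and do not log it.
    """
    app_id = az("ad", "app", "create", "--display-name", display_name,
                "--query", "appId", "-o", "tsv")
    az("ad", "sp", "create", "--id", app_id)
    # On a fresh registration there is nothing to preserve; add --append
    # if re-running against an app that already has secrets.
    secret = az("ad", "app", "credential", "reset", "--id", app_id,
                "--query", "password", "-o", "tsv")
    return app_id, secret


def grant_commands(app_id, subscription_id, ai_account_resource_id, level):
    """Steps 2-4 as argv lists so the plan can be reviewed before it runs."""
    cmds = [
        # Step 2: Reader on the subscription holding the Foundry resources.
        ["az", "role", "assignment", "create", "--assignee", app_id,
         "--role", "Reader", "--scope", f"/subscriptions/{subscription_id}"],
        # Step 3: Azure AI User on the AIServices account.
        ["az", "role", "assignment", "create", "--assignee", app_id,
         "--role", "Azure AI User", "--scope", ai_account_resource_id],
    ]
    perms = LEVELS[level]
    if perms:
        # Step 4: Graph application permissions, then tenant-wide admin consent.
        cmds.append(["az", "ad", "app", "permission", "add", "--id", app_id,
                     "--api", MS_GRAPH_APP_ID, "--api-permissions",
                     *[f"{GRAPH_APP_ROLE_IDS[p]}=Role" for p in perms]])
        cmds.append(["az", "ad", "app", "permission", "admin-consent", "--id", app_id])
    return cmds


def apply(cmds, dry_run=True):
    """Print the commands (dry run) or execute them in order, stopping on failure."""
    for argv in cmds:
        if dry_run:
            print(shlex.join(argv))
        else:
            subprocess.run(argv, check=True)


if __name__ == "__main__":
    import sys
    level = sys.argv[1] if len(sys.argv) > 1 else "recommended"
    # Placeholder values; replace with the real app, subscription and account.
    account = ("/subscriptions/<subscription-id>/resourceGroups/<resource-group>"
               "/providers/Microsoft.CognitiveServices/accounts/<aiservices-account>")
    apply(grant_commands("<app-registration-client-id>", "<subscription-id>", account, level),
          dry_run=True)
```

Run it with `minimal`, `recommended` or `full` as the argument to see exactly which Graph permissions would be requested; `minimal` produces only the two role assignments and no consent step, which is what the table says that level needs.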
## What the Connector Does NOT Do
- Does not write to or modify any Azure resource
- Does not access end-user or customer business data, mailboxes, or files
- Does not read agent conversation content (prompts, responses)
- Does not rotate credentials or change permissions
- Does not require inbound network access
## Detailed Documentation
| Document | Location | Content |
|---|---|---|
| Pilot Integration Scope (CISO Brief) | sv0-connectors/integrations/azure-foundry/docs/foundry-azure-pilot-integration-scope.md | Full permission details, data accessed, PII position, deployment checklist, graceful degradation |
| Connector Setup Guide | sv0-connectors/integrations/azure-foundry/SETUP.md | Step-by-step Azure Portal instructions, with screenshot context |
| Foundry Integration Spec | integrations/foundry/index.md | Architecture-level integration specification (what data is collected, determinism constraints) |
| Azure Integration Spec | integrations/azure/index.md | Entra identity-plane integration specification |