Skip to main content
This guide explains how to register and configure an application in Microsoft Entra ID (Azure AD) so Configview can access:
  • Microsoft Graph APIs
  • Azure Management APIs
  • Microsoft 365 data
  • Azure subscription data
This setup is required for secure service-to-service authentication using client credentials.

Overview of What You’ll Configure

You will:
  1. Retrieve your Tenant ID
  2. Register an Azure AD application
  3. Generate a client secret
  4. Configure API permissions
  5. Assign Azure RBAC permissions (Reader role)
  6. Add required secrets to Configview
Keep the Configview Secrets page open during this process: https://configview-dashboard-frontend.vercel.app/admin/secret/

Step 1: Retrieve Your Tenant ID

  1. Go to Microsoft Entra ID
    https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/Overview
  2. Copy the Tenant ID from the Overview page.
  3. In Configview Secrets, paste it into:
MSFT_TENANT_ID ⚠️ Do not change the key name.
  1. Click Save.

Step 2: Register a New Application

  1. Go to the Azure Portal
    https://portal.azure.com/
  2. Navigate to:
    Microsoft Entra ID → App registrations
  3. Click New registration
  4. Configure:
    • Name: Configview (or similar)
    • Supported account types: Single tenant
    • Redirect URI: Optional (not required for client credential flow)
  5. Click Register
After registration, copy the: Application (client) ID Add it to Configview Secrets as: MSFT_CLIENT_ID

Step 3: Create a Client Secret

  1. In your registered application, go to Certificates & Secrets.
  2. Under Client Secrets, click New client secret.
  3. Configure:
    • Description: Configview
    • Expiration: 1–2 years recommended
  4. Click Add.
  5. Immediately copy the Value (NOT the Secret ID).
Add it to Configview Secrets as: MSFT_CLIENT_SECRET_ID ⚠️ The secret value will not be visible again after leaving the page.

Step 4: Configure Microsoft Graph API Permissions

  1. Expand Managed > API Permissions.
  2. Click Add a permission.
  3. Select Microsoft Graph.
  4. Choose Application permissions (not Delegated).
Add the following permissions:

Copy and paste them in the select permissions window
  1. **Click Add Permissions **
  2. Grant admin consent Check. Yes to confirm
  3. Remove the delegated permission for User.Read Delegated

Step 1 — Go to:

Azure Portal →
Subscriptions
Select your subscription →

Step 2 — Click:

Access Control (IAM)

Step 3 — Add Role Assignment

Assign your App Registration (Service Principal) one of these roles:
  • Reader (read-only)
review & assign

Step 5: Assign Reader Role in Azure

(Required for Azure Data) This must be done for each subscription, or once at the Root Management Group (recommended).

Assign at Root Management Group

  1. Go to Resource Manager
  2. **Expand Organization **
  3. Click Management Groups.
  4. Select your Tenant Root Group.
  5. Go to Access control (IAM).
  6. Click Add → Add role assignment.
Configure:
  • Role: Reader
  • Assign access to: application you created
  1. Click Review and assign Save.

Step 7: Configure Required Secrets in Configview

Add the following secrets in the Configview Secrets manager.
Make sure values are entered exactly as shown.
SecretValueNotes
MSFT_SCOPEhttps://graph.microsoft.com/.defaultMust match exactly
MSFT_AZURE_SCOPEhttps://management.azure.com/.defaultMust match exactly
MSFT_TOKEN_URLhttps://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/tokenReplace {tenant_id} with your Tenant ID
MSFT_TENANT_IDYour Tenant IDMicrosoft Entra ID → Overview
MSFT_CLIENT_IDApplication (client) IDFrom App Registration
MSFT_CLIENT_SECRET_IDClient Secret ValueCertificates & Secrets → Secret Value (not Secret ID)

Important Notes

  • Always select Application permissions, not Delegated.
  • Admin consent is required after adding permissions.
  • Client secret values cannot be retrieved after creation.
  • Reader role assignment is required for Azure subscription ingestion.
  • Assigning at the Root Management Group applies to all subscriptions beneath it.