> ## Documentation Index
> Fetch the complete documentation index at: https://adapt.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Azure

> Connect Microsoft Azure to Adapt with a service principal to inspect and analyze your resources

Connect Microsoft Azure to Adapt by registering an app (service principal) in
Microsoft Entra ID and assigning it a read-only role on your subscription.

## Set up credentials

<Steps>
  <Step title="Register an app in Microsoft Entra ID">
    Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com/)
    and go to **Entra ID > App registrations > New registration**. Enter a name
    (for example, `adapt-readonly`), select
    **Accounts in this organizational directory only**, and click **Register**.
  </Step>

  <Step title="Copy the client and tenant IDs">
    On the app's **Overview** page, copy the **Application (client) ID** and the
    **Directory (tenant) ID**.
  </Step>

  <Step title="Create a client secret">
    Go to **Certificates & secrets > Client secrets > New client secret**. Add a
    description and expiration, then click **Add**. Copy the secret **Value**
    immediately, as it is shown only once.
  </Step>

  <Step title="Find your subscription ID">
    In the [Azure portal](https://portal.azure.com/), search for
    **Subscriptions**, select your subscription, and copy the
    **Subscription ID**.
  </Step>

  <Step title="Assign a Reader role">
    Still in the subscription, open **Access control (IAM) > Add > Add role
    assignment**. On the **Role** tab choose **Reader**. On the **Members** tab
    select **User, group, or service principal**, search for your app, then
    click **Review + assign**.

    <Note>
      Reader grants read-only access across the subscription. Scope the role
      assignment to a resource group or specific resource if you need to narrow
      access further.
    </Note>
  </Step>
</Steps>

## Connect to Adapt

<Steps>
  <Step title="Open Integrations">
    In Adapt, go to **Settings > Integrations**.
  </Step>

  <Step title="Find Azure">
    Search for **Azure** and select it from the catalog.
  </Step>

  <Step title="Start the connection">
    Click **Connect** to open the connection form.
  </Step>

  <Step title="Add your credentials">
    Enter the values you gathered above, then click **Add connection**:

    | Secret Name             | Value                                               |
    | ----------------------- | --------------------------------------------------- |
    | `AZURE_SUBSCRIPTION_ID` | Your subscription ID                                |
    | `AZURE_CLIENT_ID`       | Your app registration (service principal) client ID |
    | `AZURE_CLIENT_SECRET`   | Your client secret                                  |
    | `AZURE_TENANT_ID`       | Your directory (tenant) ID                          |

    You can rename the connection and choose whether it is shared with your
    organization or kept personal to you.
  </Step>

  <Step title="Test the connection">
    Ask Adapt to list your resource groups.
  </Step>
</Steps>

### Security

* Credentials are encrypted at rest with AES-256
* Assign the least-privilege role the task requires, such as **Reader**, and scope it to a resource group or resource rather than the whole subscription when possible
* Set a short expiration on the client secret and rotate it regularly
* Never share your client secret or commit it to source control

## Capabilities

Adapt can inspect and analyze your Azure resources within the role assigned to
the service principal, such as resource groups, virtual machines, and storage
accounts.

### Examples

```
List all resource groups in my subscription and their locations.
```

```
Summarize my running virtual machines by size and region.
```

```
Show storage accounts that allow public blob access.
```

```
Break down my Azure resources by type and count.
```