.png?fit=max&auto=format&n=tsMQJyneJ1xquFUo&q=85&s=4d401cc03b547d99b6f75a6bd170c334){kind=spacer}
Documentation Index
Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Azure Active Directory is Microsoft’s legacy cloud identity service (now Microsoft Entra ID). DSALTA monitors user accounts, MFA status, and access permissions for organizations still using the Azure AD branding.Read-only access. DSALTA never modifies, creates, or deletes resources in your Azure Active Directory environment. All API access is strictly read-only.
Integration Details
| Property | Value |
|---|---|
| Category | Identity Provider |
| Data Library Modules | Access, People |
| Authentication | OAuth 2.0 — requires Global Administrator |
| Sync Frequency | Every 24 hours (manual sync available) |
| Permissions | Read-only |
What Data DSALTA Collects
When you connect Azure Active Directory, DSALTA automatically collects the following data on every sync cycle:- User accounts and email addresses
- MFA enrollment status
- Role assignments
- Account status
Key Use Cases
- Verify MFA enforcement
- Validate critical system access
- Monitor offboarding
How to Connect
Navigate to Integrations
Go to Settings → Integrations in your DSALTA dashboard and find Azure Active Directory in the catalog.
Authenticate
Follow the on-screen instructions to authenticate with your Azure Active Directory account. Admin-level access is required for the initial setup.
Configure Scope
Select which accounts, projects, or resources DSALTA should monitor. You can adjust this later from the integration settings.
Automated Compliance Tests
When you connect Azure Active Directory, DSALTA automatically generates the following compliance tests. Each test runs every 24 hours and produces pass/fail evidence for your auditor.| Test | Description |
|---|---|
| MFA should be enabled for all users | Checks that MFA is enabled for all Azure Active Directory users. |
| User access to critical systems should be valid | Checks that users with access to critical systems are authorized in Azure Active Directory. |
| Offboarded users should not have active access | Checks that offboarded users no longer have active Azure Active Directory access. |
Tests run automatically every 24 hours. Failed tests generate alerts and appear in your compliance dashboard with remediation guidance. All test results are stored as audit evidence with timestamps.
Compliance Frameworks
This integration provides evidence for the following compliance frameworks:SOC 2
Access controls, monitoring, and change management evidence.
ISO 27001
Asset management, access control, and operations security evidence.
GDPR
Access records and data processing evidence.
Troubleshooting
Integration shows Disconnected
Integration shows Disconnected
Re-authenticate by going to Settings → Integrations → Azure Active Directory and clicking Reconnect. This usually happens when API tokens expire or permissions change.
Data is not syncing
Data is not syncing
Verify that the connected account still has the required admin permissions. Try a manual sync from the integration settings page. If the issue persists, check your Azure Active Directory API rate limits.
Tests are not generating
Tests are not generating
Tests generate after the first successful data sync. If sync completed but tests are missing, ensure the relevant features are configured in Azure Active Directory (e.g., GuardDuty must be enabled in AWS for GuardDuty tests to appear).
Some users are missing from the sync
Some users are missing from the sync
DSALTA syncs all users visible to the connected admin account. If users are missing, verify they are within the scope you configured during setup. Suspended or deleted accounts may not appear.