Azure role requirements for accurate security reporting

These are the minimum roles to maximize report quality while preserving read-only operational boundaries.

Required roles

Directory Reader (Entra ID)

Supports directory and identity context needed for accurate identity posture analysis.

Security Reader (Azure subscription scope)

Provides visibility into security posture and recommendation surfaces.

Reader (Azure subscription scope)

Enables read-only inventory and configuration coverage across scoped resources.

Validation workflow

After assigning roles, run tenant validation checks to confirm Graph, Resource Graph, and subscription access are all green before scanning.
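
As an added example (not the product's own validation check), the script below audits the scanning principal's Azure RBAC assignments against the roles listed above, reporting roles that are missing, granted at a scope narrower than the subscription, or outside the read-only baseline. It assumes the input is the JSON from `az role assignment list --assignee <principal> --scope /subscriptions/<id> --include-inherited -o json`, and that the principal's Entra ID directory role names were collected separately and are passed in as a list. The function names, subscription ID and sample data are constructed for illustration.

```python
import json

# Role names exactly as this page lists them.
REQUIRED_RBAC = {"Security Reader", "Reader"}
REQUIRED_DIRECTORY = {"Directory Reader"}

def covers_subscription(scope, sub_id):
    """True if an assignment at `scope` applies to the whole subscription."""
    s = scope.rstrip("/").lower()
    sub = f"/subscriptions/{sub_id}".lower()
    mg = "/providers/microsoft.management/managementgroups/"
    # Tenant root ("/"), the subscription itself, or an inherited management group.
    return s in ("", sub) or s.startswith(mg)

def check_roles(assignments, directory_roles, sub_id):
    """Return (missing, partial, excess) lists for one scanning principal."""
    full, partial, excess = set(), set(), set()
    for a in assignments:
        name, scope = a["roleDefinitionName"], a["scope"]
        if name not in REQUIRED_RBAC:
            excess.add(f"{name} @ {scope}")   # outside the page's baseline: review
        elif covers_subscription(scope, sub_id):
            full.add(name)
        else:
            partial.add(f"{name} @ {scope}")  # narrower scope: inventory gaps
    missing = (REQUIRED_RBAC - full) | (REQUIRED_DIRECTORY - set(directory_roles))
    return sorted(missing), sorted(partial), sorted(excess)

# Constructed sample: Reader is correct, Security Reader is scoped to one
# resource group only, and a write-capable role has crept in.
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = json.loads(f"""[
  {{"roleDefinitionName": "Reader", "scope": "/subscriptions/{SUB}"}},
  {{"roleDefinitionName": "Security Reader",
    "scope": "/subscriptions/{SUB}/resourceGroups/rg-app"}},
  {{"roleDefinitionName": "Contributor",
    "scope": "/subscriptions/{SUB}/resourceGroups/rg-app"}}
]""")

if __name__ == "__main__":
    missing, partial, excess = check_roles(SAMPLE, ["Directory Reader"], SUB)
    print("missing at subscription scope:", missing)
    print("granted too narrowly:", partial)
    print("beyond read-only baseline:", excess)
```

An empty result in all three lists means the assignments match this page's baseline; it does not replace the tenant validation checks, which confirm that the access actually works.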