3.1.2 Update Warden Permissions in Azure

As new rules are built for Warden, additional permissions are required to collect the data those rules need. If you have an existing Azure scan in Warden, you can update the permissions for your scan in Azure by following the steps below:

 

Update Azure Active Directory App Permissions

Warden requires the following Active Directory App Permissions:

  • User.Read.All
  • Group.Read.All
  • Application.Read.All

 

To add new permissions into Azure Active Directory, go through the following steps:

  1. Navigate to the Azure Active Directory service.
  2. Go to App Registrations and select the appropriate application.
  3. On the left, click on API permissions, then click Add a permission.
  4. Select Microsoft Graph under Microsoft APIs and select Application permissions.
  5. Type and select the permission you are missing.
  6. Click Add permissions at the bottom of the window.
  7. Right beside the Add a permission button, click on Grant Admin Consent for Default Directory.

 

Update Azure Custom Role Permissions

Warden requires the Azure subscription custom role to have the same permissions as the role in this file.

 

To add new permissions to your Azure Subscription, go through the following steps:

  1. Navigate to Subscriptions, and select the target subscription.
  2. Click on Access Control (IAM), click on Roles, and select the custom role that you’ve created for Warden previously. You can filter the roles by selecting CustomRole in the Type filter.
  3. Select the target role and click on the … icon and select Edit.
  4. Go to the JSON tab, click on Edit.
5. Update the permissions section of the JSON object with the permissions section listed in the file above.
6. Click Review + update and click Update.
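
To see which entries step 5 still has to add, the role JSON from the JSON tab can be compared with the reference role. The following is an added example, not part of Warden's documentation or tooling; the role name and action lists are constructed samples, not Warden's actual permission list, and the function names are hypothetical.

```python
import json
from fnmatch import fnmatchcase

def _permissions(role):
    # Accept the portal JSON-tab shape ({"properties": {"permissions": [...]}})
    # or a flat {"permissions": [...]} document.
    return role.get("properties", role).get("permissions", [])

def _granted(action, blocks, key):
    # Azure matches actions case-insensitively; "*" is a wildcard, and the
    # not* list of a block subtracts from what that block allows.
    deny_key = "not" + key[0].upper() + key[1:]
    a = action.lower()
    for block in blocks:
        allowed = any(fnmatchcase(a, p.lower()) for p in block.get(key, []))
        denied = any(fnmatchcase(a, p.lower()) for p in block.get(deny_key, []))
        if allowed and not denied:
            return True
    return False

def missing_permissions(current_role, reference_role):
    """Return {key: [reference entries the current role does not grant]}."""
    current = _permissions(current_role)
    missing = {}
    for key in ("actions", "dataActions"):
        wanted = {a for b in _permissions(reference_role) for a in b.get(key, [])}
        gaps = sorted(a for a in wanted if not _granted(a, current, key))
        if gaps:
            missing[key] = gaps
    return missing

# Constructed samples (not Warden's actual permission list).
CURRENT_ROLE = {"properties": {"roleName": "example-warden-role", "permissions": [{
    "actions": ["Microsoft.Compute/*/read", "Microsoft.Storage/storageAccounts/read"],
    "notActions": ["Microsoft.Compute/disks/read"],
    "dataActions": [], "notDataActions": []}]}}
REFERENCE_ROLE = {"permissions": [{"actions": [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Compute/disks/read",
    "Microsoft.Storage/storageAccounts/read",
    "Microsoft.Network/networkSecurityGroups/read"]}]}

if __name__ == "__main__":
    print(json.dumps(missing_permissions(CURRENT_ROLE, REFERENCE_ROLE), indent=2))
```

An empty result means the custom role already grants everything in the reference; an entry that is matched by a wildcard but excluded through notActions is still reported as missing.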

 
