Skip to main content

Microsoft tenants

Driftmark connects to Microsoft Entra ID tenants using Microsoft Graph application permissions.

What a tenant connection includes

Each connection stores:
  • tenant ID
  • client ID
  • encrypted client secret
  • connection status
  • optional label
  • selected template
  • snapshot schedule
  • optional report schedule

Adding a tenant

Go to: Settings -> Integrations -> Microsoft Choose Add tenant and enter:
  • Tenant ID
  • Client ID
  • Client Secret
  • optional label
Driftmark validates the credentials before saving the connection. If you need help creating the Microsoft Entra app registration first, follow Microsoft App Registration setup.

Required permissions

At minimum, the connected application must have:
  • Organization.Read.All
Additional Graph application permissions depend on the enabled controls in the selected template. After assigning permissions in Azure, you must grant admin consent or the connection will not work.

Connection health

Connections surface a status such as:
  • connected
  • error
  • paused
The tenant page also shows:
  • last validated time
  • last sync time
  • last error

Tenant detail page

The tenant detail page lets you:
  • edit connection metadata
  • assign a template
  • configure snapshot schedule
  • configure report schedule if the plan supports it
  • run a manual snapshot
  • download a PDF report
  • review recent snapshot history

Plan-based behavior

Some capabilities are plan-dependent:
  • Core plan cannot use report schedules
  • Core plan cannot schedule hourly snapshots
  • Standard supports monthly report schedules
  • Pro and MSP plans support monthly and quarterly report schedules

Tenant limits

Workspace plans can cap how many tenant connections are allowed. When that limit is reached, the app disables adding new tenants until the plan is upgraded or a connection is removed.