After an admin installs an app, the necessary permissions are automatically granted and will stay active, even if that specific admin later leaves or is removed.

All required permissions are displayed during application installation.

Retrieval of the complete user list associated with the domain.

Monitoring the users' configuration such as missing MFA, inactive accounts, and more - and will raise an alert whenever an issue is detected.

Enabling 'Dark Web Monitoring' and 'External Footprint Scan.

These permissions enable the execution of remediation actions for detected ITDR incidents.

It allows to actively respond to risky activity and user-related threats by suspending a user or remediating an issue with an automated response.

These s enables the ‘Data Protection’ feature.

Once the integration is in place, Guardz scans the customer’s files and folders and raise an alert when an external share or suspicious activity is detected.

Email 'Read & Write' permissions are required to allow the injection of phishing simulation emails into end-user inboxes.

Navigate to the ‘Security Controls’ and see the top security authorization string

Click on 'Authorize Security’

Review the information and click 'Install'

Choose the account to connect to Guardz

Review the 'Guardz Detection' permissions and make sure to grant them all

Click on ‘Accept’

To verify successful installation, make sure the status has changed to ‘Active’ (the process may take a couple of minutes)

You can also find the app on your Microsoft Azure account:
Azure portal > Enterprise applications > All Application

Please note: the app should be installed with a licensed Global Admin to avoid scope or permission errors. Unlicensed admins may work in some tenants but are not officially supported and can cause setup failures.