This article describes the API permissions that must be setup in Azure for the following connectors: 'Microsoft-AzureAD-Connector', 'Microsoft-AzureAD-GetGroups' and 'Microsoft-AzureAD-GetUsers'.
The above mentioned connectors all use the 'Windows Azure Active Directory' API, permissions for this can be viewed and requested under the App registration for the Spider Connector in Azure.
In order for Spider connectors to receive the required data the 'Windows Azure Active Directory' API requires the following Application permission be granted in the Azure Portal: Directory.Read.All
Please note: Admin consent is required for this API permission to function.
