Applies to BloodHound Enterprise only You will need your Tenant ID and Application ID from completing AzureHound Enterprise Azure Configuration prior to beginning this process.
  1. Log into your BloodHound Enterprise tenant.
  2. In the top right, click settings ⚙️ → Download Collectors
  1. Download AzureHound Enterprise by clicking the button **DOWNLOAD AZUREHOUND vX.X.X (.ZIP) **
  1. Extract the contents of the zip archive and locate the binary suitable for your system’s architecture.
    • As an example, this guide will use the Windows 64-bit binary: “azurehound-windows-amd64”
  1. Run “azurehound.exe -h” to see all available options
  1. Run “azurehound.exe configure” and select the Azure region your organization’s tenant is hosted in
    • Note: Most organizations are using the “cloud” region
  1. Type in your Azure tenant ID
  1. Type in the application ID you saved when creating the AzureHound application
  1. Choose your desired authentication mechanism
    • We highly recommend certificate-based authentication.
  1. If using Certificate authentication: hit Enter, or type ‘y’, to create a new certificate and key
  • Note: The certificate generated by AzureHound expires after one year.
  • Note: If using a certificate issued by another authority, AzureHound supports certificates with the following:
    • PEM encoded
    • RSA 256
    • PKCS#8 or PKCS#5
  1. If using Certificate authentication: if desired, provide a password for the secret key
  1. Hit Enter, or type ‘y’, to set up a connection to BloodHound Enterprise
  1. Type in the full URL of your BloodHound Enterprise tenant
  1. Create an AzureHound collector client by following Create a BloodHound Enterprise collector client. Continue to the next step when you have the Token ID and Token.
  2. Type in the client collector’s Token ID from the previous step
  1. Type in the client collector’s Token key from the collector client
  1. Decide if you want to use a proxy URL. Most organizations will not use this feature
  1. Hit Enter, or type ‘y’, to set up local logging
  1. Select the logging verbosity, as a start we recommend Default
  1. Type a log file name
    • You can also enter file name as a full path. If not specifying a path; AzureHound will output logs to the specified file name within the same directory as the AzureHound binary
  1. Decide if AzureHound should generate JSON-structured logs
  1. When completed, a settings summary is shown
  2. If using Certificate authentication; the summary also includes the location of the certificate to complete the configuration within Azure
  1. Continue to Run and Upgrade AzureHound (Windows, Docker, or Kubernetes)