> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.
# Create an AzureHound Configuration
> Learn how to create a configuration file for AzureHound Enterprise data collection.
To complete the configuration process, you must have the following information:
| Item | Description |
| ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Directory (tenant) ID | Identifies the Microsoft Entra ID instance where you must [register](/install-data-collector/install-azurehound/azure-configuration) the AzureHound Enterprise application. |
| Application (client) ID | Identifies the AzureHound Enterprise [app registration](/install-data-collector/install-azurehound/azure-configuration) that you must create in the Microsoft Entra admin center. |
| AzureHound token ID | Identifies the AzureHound Enterprise [collector client](/collect-data/enterprise-collection/create-collector) that you must create in BloodHound Enterprise. |
| AzureHound token | Provides the authentication key for the AzureHound Enterprise [collector client](/collect-data/enterprise-collection/create-collector) that you must create in BloodHound Enterprise. |
Configuring AzureHound Enterprise involves the following steps:
```mermaid theme={null}
flowchart LR
subgraph Review
f(Configuration
Summary)
end
subgraph Configure
d-->e(AzureHound
logging)
c-->d(AzureHound
collector client)
b(Azure
connection)-->c(AzureHound
authentication)
end
subgraph Download
a(AzureHound
Enterprise)
end
Download-->Configure-->Review
```
Follow the steps below to create your AzureHound Enterprise configuration file using the AzureHound Enterprise CLI tool.
1. Login to your BloodHound Enterprise tenant.
2. In the left menu, click **Download Collectors**.
3. Download the AzureHound Enterprise ZIP archive.
Choose the option suitable for your system's architecture (ARM64 or AMD64).
4. Extract the contents of the ZIP archive to a working directory on the system where you plan to run the AzureHound Enterprise binary.
1. Start the AzureHound Enterprise CLI tool with the `configure` command.
```text theme={null}
C:\Users\Administrator.ROOT\Downloads\azurehound-v2.8.2\azurehound-windows-amd64>azurehound.exe configure
```
To see all available options, run `azurehound.exe -h`.
2. Select the Azure region where your organization's tenant is hosted.
Most organizations use the `cloud` region.
```text theme={null}
AzureHound v2.8.2
Created by the BloodHound Enterprise team - https://bloodhoundenterprise.io
Use the arrow keys to navigate: ↓ ↑ ← →
? Azure Region:
china
> cloud
usgov14
usgov15
```
3. Enter the Azure **Directory (tenant) ID**.
```text theme={null}
Directory (tenant) ID: b82887fc-338d-44ab-97d6-ac32d060ad7e
```
4. Enter the Azure **Application (client) ID** that you created when [registering](/install-data-collector/install-azurehound/azure-configuration) the AzureHound Enterprise application.
```text theme={null}
Application (client) ID: 18a7b927-9905-484e-8b17-c09630ce8ff2
```
1. Select a method for authenticating AzureHound Enterprise to BloodHound Enterprise.
We **highly** recommend certificate-based authentication.
```text theme={null}
Use the arrow keys to navigate: ↓ ↑ ← →
? Authentication Method:
> Certificate
Client Secret
Username and Password
```
2. If using Certificate authentication, press **Enter** or type `Y` to create a new certificate and key.
```text theme={null}
Authentication Method: Certificate
? Generate Certificate and Key? [Y/n]
```
* The certificate generated by AzureHound expires after one year.
* If using a certificate issued by another authority, AzureHound Enterprise supports certificates with the following characteristics:
* PEM encoded
* RSA 256
* PKCS#8 or PKCS#5
3. If using Certificate authentication, enter an optional passphrase for the private key.
```text theme={null}
Authentication Method: Certificate
v Private Key Passphrase (optional):
```
4. Press **Enter** (or enter `Y`) to connect to BloodHound Enterprise.
```text theme={null}
? Setup connection to BloodHound Enterprise? [Y/n]
```
5. Enter the URL of your BloodHound Enterprise tenant.
```text theme={null}
v BloodHound Enterprise URL: https://enterprise.bloodhoundenterprise.io/
```
1. Create an AzureHound [collector client](/collect-data/enterprise-collection/create-collector).
Continue to the next step when you have the **Token ID** and **Token**.
2. Enter the collector client's **Token ID**.
```text theme={null}
v BloodHound Enterprise Token ID: bb7b957f-2508-400b-971e-6a1857cc0101
```
3. Enter the collector client's **Token**.
```text theme={null}
v BloodHound Enterprise Token: ****************************************
```
4. (Optional) Enter `y` if you want to use a proxy URL.
Most organizations do not use a proxy.
```text theme={null}
? Set proxy URL? [y/N]
```
1. Press **Enter** (or type `y`) to set up local logging.
```text theme={null}
? Setup AzureHound logging? [Y/n]
```
2. Select the logging verbosity, as a start we recommend **Default**.
```text theme={null}
Use the arrow keys to navigate: ↓ ↑ ← →
? Verbosity:
Disabled
> Default
Debug
Trace
```
3. Enter a name for the log file.
You can also enter a full path as a file name. If you do not specify a full path, AzureHound Enterprise writes logs to the specified file name and stores it in the same directory as the AzureHound binary.
```text theme={null}
v Log file (optional): azurehound.log
```
4. If you want AzureHound Enterprise to generate JSON-structured logs, press **Enter** or type `y`.
```text theme={null}
? Enable Structured Logs? [y/N]
```
When configuration is complete, the AzureHound Enterprise CLI tool displays a configuration summary.
```text theme={null}
Configuration written to C:\Users\Administrator.ROOT\.config\azurehound\config.json
Key written to C:\Users\Administrator.ROOT\.config\azurehound\key.pem
Certificate written to C:\Users\Administrator.ROOT\.config\azurehound\cert.pem
Ensure certificate is uploaded to your application's client credentials
```
If you are using Certificate authentication, the summary also includes the location of the certificate to complete the configuration in Azure.