The AzureHound Enterprise service is a critical element in your deployment that collects and uploads data about your Azure environment to your BloodHound Enterprise instance for processing and analysis.
AzureHound Enterprise is generally deployed on a single Windows system per Azure tenant and may run on the same system as your SharpHound Enterprise service account.
You need to create (at least) a single AzureHound server for all the tenants in scope and one Azure Enterprise Application for each tenant.
Running multiple AzureHound collectors on a single server requires the collectors to be installed as Scheduled Tasks instead of Windows Services. Installation instructions for such a configuration can be found at: Setting up multiple AzureHound collectors on the same server with scheduled tasks.
Server Requirements
Hardware
| | Minimum | Recommended |
| --- | --- | --- |
| Processor Cores | 2 cores | 4 cores |
| Memory | 4GB RAM | 16GB RAM |
| Hard disk space | 1GB for logging | 5GB for logging |
Software
AzureHound Enterprise supports several deployment options (choose one):
- Windows Server 2012+ with .NET 4.5.2+
- Docker
- Kubernetes
Network
- TLS on 443/TCP to your tenant URL (provided by your account team)
- TLS on 443/TCP to your Azure tenant. Azure Cloud domains are:
  - microsoftonline.com
  - microsoft.com
  - azure.com
Service Principal Requirements
The AzureHound Enterprise service will run as an Azure Application backed by a Service Principal with the following permissions:
- Directory Reader on Azure AD Tenant
- Reader on all Azure Subscriptions
- Directory.Read.All on Microsoft Graph
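A pre-flight check for the network and service principal requirements above, as an added example (not SpecterOps code). It assumes the Az.Accounts, Az.Resources and Microsoft.Graph PowerShell modules are installed and already signed in (Connect-AzAccount, Connect-MgGraph), and that the endpoints under the listed domains are login.microsoftonline.com, graph.microsoft.com and management.azure.com.

```powershell
# Pre-flight check for an AzureHound Enterprise collector host (added example, not SpecterOps code).
# Assumes Connect-AzAccount and Connect-MgGraph -Scopes "Directory.Read.All","Application.Read.All"
# have already been run in this session.
param(
    [Parameter(Mandatory)][string]$AppId,      # Application (client) ID of the tenant's AzureHound app
    [Parameter(Mandatory)][string]$TenantHost  # BloodHound Enterprise tenant hostname from your account team
)

$script:allOk = $true
function Report([string]$Name, [bool]$Pass) {
    "{0,-55} {1}" -f $Name, $(if ($Pass) { 'OK' } else { 'MISSING' })
    if (-not $Pass) { $script:allOk = $false }
}

# 1. Network: TLS on 443/TCP to the BHE tenant and the Azure cloud endpoints.
#    Hostnames are the usual login/Graph/ARM endpoints under the listed domains (assumption).
foreach ($h in @($TenantHost, 'login.microsoftonline.com', 'graph.microsoft.com', 'management.azure.com')) {
    $tcp = Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
    Report "443/TCP reachable: $h" $tcp.TcpTestSucceeded
}

# 2. Service principal backing the AzureHound Enterprise Application.
$sp = Get-AzADServicePrincipal -ApplicationId $AppId
Report "Service principal exists for app $AppId" ($null -ne $sp)
if ($null -eq $sp) { return }

# 3. Reader on every subscription (Azure RBAC). Direct assignments at or above subscription scope;
#    add -ExpandPrincipalGroups if the role is granted through a group.
foreach ($sub in Get-AzSubscription) {
    $ra = Get-AzRoleAssignment -ObjectId $sp.Id -Scope "/subscriptions/$($sub.Id)" -RoleDefinitionName Reader
    Report "Reader on subscription $($sub.Name)" ($null -ne $ra)
}

# 4. Directory Readers role on the tenant (the built-in role the page calls Directory Reader).
#    Only activated roles are returned by Get-MgDirectoryRole.
$role = Get-MgDirectoryRole | Where-Object DisplayName -eq 'Directory Readers'
$isMember = $role -and (Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id | Where-Object Id -eq $sp.Id)
Report "Directory Readers role membership" ([bool]$isMember)

# 5. Directory.Read.All application permission granted (admin-consented) on Microsoft Graph.
#    Resolve the app role ID from Graph's own service principal rather than hardcoding it.
$graphSp = Get-MgServicePrincipal -Filter "appId eq '00000003-0000-0000-c000-000000000000'"
$roleId  = ($graphSp.AppRoles | Where-Object { $_.Value -eq 'Directory.Read.All' }).Id
$grant   = Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id |
           Where-Object { $_.AppRoleId -eq $roleId -and $_.ResourceId -eq $graphSp.Id }
Report "Directory.Read.All granted on Microsoft Graph" ($null -ne $grant)

if ($script:allOk) { "All AzureHound Enterprise prerequisites satisfied." }
else { "One or more prerequisites are missing; see the MISSING rows above." }
```

Run it once per tenant with that tenant's Application ID; a MISSING row points at the requirement to fix before installing the collector.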
Deployment Process Overview
To deploy a fresh AzureHound Service collector:
- Configure Azure: AzureHound Enterprise Azure Configuration
- Create your AzureHound configuration: AzureHound Enterprise Local Configuration
- Deploy and maintain AzureHound: Run and Upgrade AzureHound (Windows, Docker, or Kubernetes)