AzureHound Enterprise System Requirements and Deployment Process

This article applies to BHE

The AzureHound Enterprise service is a critical element in your deployment that collects and uploads data about your Azure environment to your BloodHound Enterprise instance for processing and analysis.

AzureHound Enterprise is generally deployed on a single Windows system per Azure tenant and may run on the same system as your SharpHound Enterprise service account.

You need to create (at least) a single AzureHound server for all the tenants in scope and one Azure Enterprise Application for each tenant.

Running multiple AzureHound collectors on a single server requires the collectors to be installed as Scheduled Tasks instead of Windows Services. Installation instructions for this configuration can be found at: Setting up multiple AzureHound collectors on the same server with scheduled tasks.

Server Requirements

Hardware

Component          Minimum            Recommended
Processor Cores    2 cores            4 cores
Memory             4GB RAM            16GB RAM
Hard disk space    1GB for logging    5GB for logging

Software

AzureHound Enterprise supports several deployment options:

  • Windows Server 2012+
  • .NET 4.5.2+

OR

  • Docker

OR

  • Kubernetes

Network

  • TLS on 443/TCP to your tenant URL (provided by your account team)
  • TLS on 443/TCP to your Azure tenant. Azure Cloud domains are:
    • microsoftonline.com
    • microsoft.com
    • azure.com
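
A preflight check for the hardware minimums and the outbound TLS requirements listed above, as an added example (not part of the original article or of the BloodHound Enterprise tooling). It assumes logs are written to the drive given by -LogDrive, that -TenantHost is the host name of your tenant URL, and that login.microsoftonline.com, graph.microsoft.com and management.azure.com stand in for the listed Azure domains.

```powershell
# Added example: preflight for an AzureHound Enterprise collector host.
# Assumptions: -TenantHost is the host name of the tenant URL from your account
# team; -LogDrive is where logs will be written; the three Azure hosts are
# representative names under the domains listed in the Network section.
param(
    [Parameter(Mandatory = $true)][string]$TenantHost,
    [string]$LogDrive = 'C'
)

function Test-TlsEgress([string]$HostName) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, 443)
        # SslStream validates the certificate chain and host name by default, so a
        # TLS-inspecting proxy whose CA this host does not trust fails here.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $detail = "$($ssl.SslProtocol), issuer: $($ssl.RemoteCertificate.Issuer)"
        $ssl.Dispose()
        [pscustomobject]@{ Check = "TLS 443 $HostName"; Ok = $true; Detail = $detail }
    } catch {
        [pscustomobject]@{ Check = "TLS 443 $HostName"; Ok = $false; Detail = $_.Exception.Message }
    } finally {
        $client.Close()
    }
}

# Measured values, compared with the Minimum column of the hardware table.
$cores  = (Get-CimInstance Win32_Processor | Measure-Object NumberOfCores -Sum).Sum
$memGB  = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB)
$freeGB = [math]::Floor((Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='${LogDrive}:'").FreeSpace / 1GB)

$results = @(
    [pscustomobject]@{ Check = 'Processor cores (min 2)'; Ok = $cores -ge 2; Detail = "$cores" }
    [pscustomobject]@{ Check = 'Memory GB (min 4)'; Ok = $memGB -ge 4; Detail = "$memGB" }
    [pscustomobject]@{ Check = "Free GB on ${LogDrive}: (min 1)"; Ok = $freeGB -ge 1; Detail = "$freeGB" }
)
$hosts = @($TenantHost, 'login.microsoftonline.com', 'graph.microsoft.com', 'management.azure.com')
$results += $hosts | ForEach-Object { Test-TlsEgress $_ }

$results | Format-Table -AutoSize -Wrap
if ($results | Where-Object { -not $_.Ok }) { exit 1 }
```

The TLS checks open a direct socket, so a host that reaches the internet only through an explicit proxy will report failures here. An unexpected certificate issuer in the Detail column indicates TLS inspection on the egress path.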

Service Principal Requirements

The AzureHound Enterprise service will run as an Azure Application backed by a Service Principal with the following permissions:

Deployment Process Overview

To deploy a fresh AzureHound Service collector:

  1. Configure Azure: AzureHound Enterprise Azure Configuration
  2. Create your AzureHound configuration: AzureHound Enterprise Local Configuration
  3. Deploy and maintain AzureHound: Run and Upgrade AzureHound (Windows, Docker, or Kubernetes)