Overview

Scrut integrates with Azure via a secure service principal to collect audit logs, subscription-level configurations, and IAM settings. The data is used to automate evidence collection for compliance frameworks like SOC 2 and ISO 27001. No personal or application-level data is accessed only essential, read-only metadata required for ongoing audit readiness.

Why Connect

Eliminate manual pulls by generating continuous Azure config evidence Provide proof of IAM, logging, and subscription controls Surface misconfigurations before they create audit findings.

Supported Automated Tests

Scrut provides pre-built automated tests for Microsoft Azure. Here are a few examples of Scrut’s Microsoft Azure tests:

• Access reviews completed for all in-scope applications
• Microsoft Azure accounts associated with users
• Microsoft Azure accounts deprovisioned when employees leave

Supported Automated Evidence

Scrut automates the collection of some evidences for Microsoft Azure. Here are a few examples of Scrut’s Microsoft Azure-driven evidences that can be collected:

• Offboarding - Logical Access & Physical Access Revocation
• Reports of User Access Reviews
• User Access Approval list to Application, Infrastructure and Service