Why do I get a ZIP file?
The solution generates two types of diagrams:
- High-Level Diagram (HLD): Provides an overview of your Azure network architecture, showing virtual networks and their peerings.
- Mid-Level Diagram (MLD): Goes a level deeper, including subnets and further details.
What permissions are required?
To generate a network diagram, the user or service principal must have at least Reader access to the relevant virtual networks in your Azure tenant. This is required to query network resources and visualize peerings and topology.
Does a Service Principal automatically have access?
No. If you use a Service Principal, you must manually assign it access to the required resources. The tool cannot assign permissions for you. You can use built-in roles like Reader at the subscription, resource group, or resource level.
What Azure resources are analyzed?
The tool currently maps Virtual Networks, Peerings, and Subnets. It uses Azure Resource Graph queries to identify structure and relationships.
Why is my diagram empty or missing items?
This usually means the account or service principal does not have sufficient access, or that no supported network resources were found. Double-check permissions in Azure and confirm the identity has access to the intended subscriptions.
How long does access last?
User tokens last for 60 minutes. The Service Principal form sends credentials directly to the backend without storing them. Access is temporary and used only to retrieve the necessary data once.
What if my environment uses custom roles or policies?
As long as the effective permissions allow for read access to network resources (like Microsoft.Network/virtualNetworks/read), the tool will work. Custom RBAC roles should include this permission.
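One way to check whether a set of custom roles effectively includes the read action named above, as an added example that is not part of the tool or the original page. It assumes role definitions in the JSON shape printed by `az role definition list`; the sample roles are constructed, and deny assignments and assignment scope are not evaluated.

```python
import re

# Action the FAQ names as the minimum a custom role must allow.
REQUIRED = "Microsoft.Network/virtualNetworks/read"

def _matches(patterns, action):
    """True if any RBAC pattern ('*' wildcard, case-insensitive) covers the action."""
    for pattern in patterns:
        regex = ".*".join(re.escape(part) for part in pattern.split("*"))
        if re.fullmatch(regex, action, flags=re.IGNORECASE):
            return True
    return False

def role_grants(role, action=REQUIRED):
    """Effective permission of one role definition: actions minus notActions."""
    for perm in role.get("permissions", []):
        allowed = _matches(perm.get("actions", []), action)
        excluded = _matches(perm.get("notActions", []), action)
        if allowed and not excluded:
            return True
    return False

def identity_can(roles, action=REQUIRED):
    """Role assignments are additive: one granting role is enough.
    notActions only subtracts inside its own role; it is not a deny."""
    return any(role_grants(role, action) for role in roles)

# Constructed sample definitions (hypothetical role names).
READER_LIKE = {"roleName": "reader-like",
               "permissions": [{"actions": ["*/read"], "notActions": []}]}
CUSTOM_OK = {"roleName": "net-diagram-reader",
             "permissions": [{"actions": [
                 "Microsoft.Network/virtualNetworks/read",
                 "Microsoft.Network/virtualNetworks/subnets/read"],
                 "notActions": []}]}
CUSTOM_BLOCKED = {"roleName": "net-ops-no-vnet",
                  "permissions": [{"actions": ["Microsoft.Network/*"],
                                   "notActions": ["Microsoft.Network/virtualNetworks/*"]}]}
STORAGE_ONLY = {"roleName": "storage-reader",
                "permissions": [{"actions": ["Microsoft.Storage/*/read"],
                                 "notActions": []}]}

if __name__ == "__main__":
    for role in (READER_LIKE, CUSTOM_OK, CUSTOM_BLOCKED, STORAGE_ONLY):
        print(f"{role['roleName']:20} grants {REQUIRED}: {role_grants(role)}")
    print("blocked + storage only:", identity_can([CUSTOM_BLOCKED, STORAGE_ONLY]))
```

A role that grants `Microsoft.Network/*` but lists the virtual network actions under `notActions` leaves the diagram empty unless another assigned role restores the read action.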
Do you store my credentials or data?
No. Neither Service Principal secrets nor user tokens are stored. All data is processed in-memory and discarded after the diagram is generated.