HLD Example

Use a dedicated Service Principal to securely map Azure virtual networks and peerings. This allows for more controlled and scoped access, ideal for enterprise or CI/CD workflows.



What You’ll Receive

  • HLD (High-Level Diagram) — hub and spoke layout of your Azure network
  • MLD (Medium-Level Diagram) — detailed structure with information about subnets
  • Both are bundled as a ZIP file and downloaded via the browser

Requirements

The Service Principal must have at least Reader access to all networks and peerings to be included in the scan.

Disclaimer

CloudNetDraw uses the credentials you provide to perform a single scan of your environment. Activity is logged in your Entra ID tenant, and access can be monitored and revoked at any time.


🛠️ How to Set Up a Service Principal

You only need three values: Tenant ID, Client ID, and Client Secret. Here's how to get them:

1. Register a New App

Navigate to Entra ID → App registrations → New registration.

Register app

2. Fill in the App Info

Use a name like CloudNetDraw, select Single tenant, and skip redirect URI.

App registration form

3. Copy IDs

From the Overview page, copy both the Tenant ID and Client ID.

Copy IDs

4. Create a Client Secret

Go to Certificates & secrets → + New client secret.

Create secret

5. Name and Save the Secret

Give it a description and expiration, then click Add.

Add secret

6. Copy the Secret Value

Important: Copy the secret value now—it won’t be shown again later.

Copy secret

7. Assign Reader Role

In Subscriptions → IAM, click Add role assignment.

IAM view

8. Select Reader

Choose role

9. Assign to the App

Search for and select your app under Members.

Assign app

You're ready! Return to the form at the top, paste in the values, and generate your diagrams.

If you wish to map more than one subscription, add the same Reader role assignment to every applicable subscription!
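The same nine portal steps can be done in one Azure CLI call. The script below is an added example, not CloudNetDraw's own code: it assumes `az` is installed and `az login` has been run, and the app name and subscription IDs are placeholders to replace. It scopes Reader to exactly the listed subscriptions and prints the three values the form asks for.

```shell
#!/bin/sh
# Added example (not CloudNetDraw's own code): create the service principal
# from the Azure CLI instead of the portal, scoped to Reader on exactly the
# subscriptions the scan needs. Assumes `az` is installed and `az login` done;
# APP_NAME and the subscription IDs below are placeholders.
set -eu

APP_NAME="CloudNetDraw"
# Space-separated subscription IDs to map (constructed placeholder values).
SUBSCRIPTIONS="00000000-0000-0000-0000-000000000000"

# Accept only GUID-shaped values, so a typo never reaches the API.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Turn each subscription ID into a /subscriptions/<id> scope (one per line).
# Granting Reader per subscription, rather than at a management group, is the
# least-privilege shape the Requirements section asks for.
build_scopes() {
  for sub in "$@"; do
    is_guid "$sub" || { echo "not a subscription id: $sub" >&2; return 1; }
    printf '/subscriptions/%s\n' "$sub"
  done
}

# Creates the app registration, service principal, secret and role assignment
# in one call and prints only the three values the form needs.
create_sp() {
  scopes=$(build_scopes $SUBSCRIPTIONS) || return 1
  # --years 1 caps the secret lifetime, like the expiration chosen in step 5.
  az ad sp create-for-rbac \
    --name "$APP_NAME" \
    --role Reader \
    --scopes $scopes \
    --years 1 \
    --query '{tenantId:tenant, clientId:appId, clientSecret:password}' \
    --output json
}

# Only talk to Azure when the CLI is actually present.
if command -v az >/dev/null 2>&1; then
  create_sp
else
  echo "az CLI not found; install it and run 'az login' first" >&2
fi
```

Treat the printed clientSecret like any other credential: paste it into the form, then store or discard it rather than leaving it in shell history.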