Service Principal (Certificate)
Follow these steps to enable the Entra directory scan tasks to access Entra directory using a service principal with certificate.
For more information see
https://learn.microsoft.com/entra/identity-platform/howto-create-service-principal-portal
- Ensure that a client certificate and private key that supports client authentication is installed on the machine running the XIA Configuration Client and that the certificate is accessible to the service account. 
- Export the public key of the client certificate in CER, PEM, or CRT format.
- Logon to the Azure Portal as a user account with the sufficient permissions.
- Go to Microsoft Entra ID > App Registrations > New Registration.
- Enter an appropriate name for the application - for example "XIA Configuration Server".
- For supported account types select
 Accounts in this organizational directory only
- Do not specify a Redirect URI.
- Click Register.
- Make a note of the following values
 Application (client) ID
 Directory (tenant) ID
- Go to Certificates & secrets > Certificates.
- Click Upload Certificate.
- Browse for the certificate and provide a description. 
- Copy and record the thumbprint. 
- Go to Azure Active Directory > Roles and Administrators > Global reader. 
- Click Add assignments and search for and select the service principal and click Add.