SSWConsulting · Copilot · Dec 30, 2025 · Dec 30, 2025 · Dec 30, 2025 · Dec 30, 2025
diff --git a/content/docs/EagleEye/prerequisites.mdx b/content/docs/EagleEye/prerequisites.mdx
@@ -17,185 +17,3 @@ Before starting the installation, ensure you have:
 * **Azure OpenAI** quota available in your subscription
 * \***Custom domain** and DNS zone in Azure (optional)
 
-
-
-### Register Azure resource providers
-
-
-Before deploying EagleEye, make sure the following Azure resource providers are registered in your subscription:
-
-   - Microsoft.Storage
-   - Microsoft.ManagedIdentity
-   - Microsoft.App
-   - Microsoft.CognitiveServices
-   - Microsoft.KeyVault
-   - Microsoft.ContainerRegistry
-   - Microsoft.Network
-   - Microsoft.OperationalInsights
-   - Microsoft.Insights
-   - Microsoft.Sql
-   - Microsoft.Authorization
-   - Microsoft.Web
-   - Microsoft.ContainerInstance
-
-To check and register, follow the official Microsoft guide:
-[Register resource providers in Azure Portal](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#azure-portal)
-
-
-## Get Your Azure Tenant ID
-
-You will need your Azure Tenant ID for configuration:
-
-1. Sign in to the [Azure Portal](https://portal.azure.com)
-2. In the search bar, type "Microsoft Entra ID"
-   ![Manage Tenants](/EagleEye/entra.png)
-3. Go to **Manage Tenants** and copy the **Tenant ID (Organization ID)**
-   ![Tenant ID](/EagleEye/manage-tenants.png)
-   ![Tenant Object ID](/EagleEye/tenant-id.png)
-
-> **Note:** If you have multiple tenants, ensure you select the correct one for EagleEye deployment.
-
-## Get Your Azure Group Name
-
-You will need an Azure group for EagleEye to perform email analysis. This can be either an existing Azure group or a new one you create.
-
-To create a new group or find an existing one:
-
-1. Sign in to the [Azure Portal](https://portal.azure.com)
-2. In the search bar, type "Groups"
-   ![Search Azure Groups](/EagleEye/search-azure-groups.png)
-3. Go to **Groups** → **All groups**
-4. Either select an existing group or click **New group** to create one
-5. If creating a new group:
-   - Follow this [guide](https://learn.microsoft.com/en-us/entra/fundamentals/how-to-manage-groups) to create and configure a new group
-   - Select **Security** as the Group type if you want to add other groups as members (nesting), otherwise select **Microsoft 365**
-6. Copy the **Group name** (you will need this for configuration later)
-
-## App Registration Guide
-
-You need **3 Azure App Registrations** for EagleEye:
-
-1. **Engine App** - `SSW.EagleEye.Engine`
-2. **API App** - `SSW.EagleEye.Api`
-3. **Portal App** - `SSW.EagleEye.Portal`
-
-> **Tip:** Create one app and its client secret at a time to avoid confusion. \
-> \
-> By the end of this section, you should have 3 client secrets and 1 API scope URL ready for your EagleEye deployment.
-
-### Step 1: Create Each App Registration
-
-For each of the 3 apps:
-
-1. Go to **Azure Portal** → **App registrations** → **New registration**
-   ![App Registration Search](/EagleEye/App-Registration-Search.png)
-2. Enter the app name (e.g., `SSW.EagleEye.Engine`)
-3. Set **Supported account types** to: **Accounts in this organizational directory only**
-4. Click **Register**
-   ![Engine App](/EagleEye/Engine-App.png)
-
-### Step 2: Create a Client Secret
-
-Repeat these steps for each app:
-
-1. Go to **Certificates & secrets**
-2. Click **New client secret**
-3. Add a description (e.g., `Engine Secret`, `API Secret`, `Portal Secret`)
-4. Select an expiry period → **Add**
-   ![Create Client Secret](/EagleEye/Create-Client-Secret.png)
-5. **Copy the secret value immediately** (you will need this later; it will never be shown again)
-   ![Copy Client Secret](/EagleEye/Copy-secret-value.png)
-
-> **Warning:** After deployment, remove the secret value from any temporary notes (clipboard, notepad, etc.). \
-> 
-> Do not delete the secret from Azure
-
-
-> Remember to repeat **Steps 1 & 2** for all 3 app registrations
-
-
-## App-Specific Configuration
-
-These are the only extra settings required for each app registration.
-
-### Engine App - Configure API Permissions
-
-**App:** `SSW.EagleEye.Engine`
-
-1. Go to **App registrations** → **All applications** → search for `SSW.EagleEye.Engine`
-   ![Search Existing App](/EagleEye/Search-existing-app.png)
-2. Go to **Manage** → **API permissions** → **Add a permission**
-3. Select **Microsoft Graph** → **Application permissions** (Important: select Application permissions - not Delegated).
-4. Add:
-   * `GroupMember.Read.All`
-   * `Mail.Read`
-   * `User.Read.All`
-   * `Domain.Read.All`
-
-5. Click **Add permissions**
-6. Click **Grant admin consent**
-   ![App Api Permissions](/EagleEye/Engine-Api-Permissions.png)
-
-### API App - Expose a Scope
-
-**App:** `SSW.EagleEye.Api`
-
-This exposes the API so the Portal can call it.
-
-1. Go to **App registrations** → **All applications** → search for `SSW.EagleEye.Api`
-2. Go to **Expose an API** → **Add a scope**
-3. Accept the default Application ID URI (or customise) → **Save and continue**
-   ![Expose a scope](/EagleEye/Expose-scope.png)
-4. Configure the scope:
-   * **Scope name:** `access_as_user`
-   * **Who Can Consent:** *Admins and users*
-   * **Admin consent display name:** `Access SSW EagleEye as user`
-   * **Admin consent description:** `Allow the application to access SSW EagleEye on behalf of the signed-in user`
-5. Click **Add scope**
-   ![Add Scope](/EagleEye/Add-scope.png)
-6. **Copy the full scope URL** (e.g., `api://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/access_as_user`)
-
-You will need this during deployment.
-
-### Portal App - Configure API Permission
-
-**App:** `SSW.EagleEye.Portal`
-
-This allows the Portal web app to call the API.
-
-1. Go to **App registrations** → **All applications** → search for `SSW.EagleEye.Portal`
-2. Go to **API permissions** → **Add a permission**
-3. Select **APIs my organization uses** → choose **SSW\.EagleEye.Api**
-   ![Select My APIs](/EagleEye/Api-permission.png)
-4. Select **Delegated permissions** → `access_as_user`
-5. Click **Add permissions**
-   ![Add Permissions](/EagleEye/Request-permission.png)
-6. Click **Grant admin consent**
-   ![Grant Admin Consent](/EagleEye/grant-admin-consent.png)
-
-## Control Who Can Sign In to Your EagleEye Portal
-
-You can choose exactly which users or groups are allowed to access your EagleEye Portal.  
-By default, Azure lets *any* user in your tenant sign in - so it’s important to lock this down.
-
-### Secure the Portal App
-1. In the Azure Portal, search for **Enterprise applications**
-2. Select your **SSW.EagleEye.Portal** enterprise app
-3. In the left menu, go to **Manage → Properties**
-4. Set **Assignment required** to **Yes**
-   - This ensures **only the users or groups you assign** can sign in.  
-   - If this is set to **No**, *any* user in your tenant will be able to access your EagleEye portal.
-5. Click **Save**
-![Portal Enterprise app](/EagleEye/Portal-enterprise-app.png)
-
-### Assign Users/Groups to the Portal App
-1. In the same **SSW.EagleEye.Portal** enterprise app, go to **Manage → Users and groups**
-2. Click **Add user/group**
-3. Select the users or groups you want to give access to.
-4. Click **Assign**
-![Portal assign users](/EagleEye/Portal-assign-users.png)
-
-
-## References
-
-* [Azure Marketplace overview](https://learn.microsoft.com/en-us/marketplace/azure-marketplace-overview)
diff --git a/content/docs/EagleEye/step-1-azure-setup.mdx b/content/docs/EagleEye/step-1-azure-setup.mdx
@@ -0,0 +1,64 @@
+---
+seo:
+   title: SSW EagleEye - Step 1 Azure Setup
+   description: >-
+      Configure your Azure subscription, register required resource providers,
+      and gather tenant and group details needed before installing SSW EagleEye
+      from the Azure Marketplace.
+title: Step 1 - Azure Setup
+date: '2025-12-29T13:00:00.000Z'
+---
+
+### Step 1.1 - Register Azure resource providers
+
+<Youtube thumbnail="https://img.youtube.com/vi/xG_zjvTjR58/maxresdefault.jpg" size="medium" externalVideoLink="https://www.youtube.com/embed/xG_zjvTjR58?start=50" />
+
+> Tip: Jump to 0:50 for Azure Setup
+
+Before deploying EagleEye, make sure the following Azure resource providers are registered in your subscription:
+
+* Microsoft.Storage
+* Microsoft.ManagedIdentity
+* Microsoft.App
+* Microsoft.CognitiveServices
+* Microsoft.KeyVault
+* Microsoft.ContainerRegistry
+* Microsoft.Network
+* Microsoft.OperationalInsights
+* Microsoft.Insights
+* Microsoft.Sql
+* Microsoft.Authorization
+* Microsoft.Web
+* Microsoft.ContainerInstance
+
+To check and register, follow the official Microsoft guide:
+[Register resource providers in Azure Portal](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/resource-providers-and-types#azure-portal)
+
+### Step 1.2 - Get Your Azure Tenant ID
+
+You will need your Azure Tenant ID for configuration:
+
+1. Sign in to the [Azure Portal](https://portal.azure.com)
+2. In the search bar, type "Microsoft Entra ID"
+   ![Manage Tenants](/EagleEye/entra.png)
+3. Go to **Manage Tenants** and copy the **Tenant ID (Organization ID)**
+   ![Tenant ID](/EagleEye/manage-tenants.png)
+   ![Tenant Object ID](/EagleEye/tenant-id.png)
+
+> **Note:** If you have multiple tenants, ensure you select the correct one for EagleEye deployment.
+
+### Step 1.3 - Get Your Azure Group Name
+
+You will need an Azure group for EagleEye to perform email analysis. This can be either an existing Azure group or a new one you create.
+
+To create a new group or find an existing one:
+
+1. Sign in to the [Azure Portal](https://portal.azure.com)
+2. In the search bar, type "Groups"
+   ![Search Azure Groups](/EagleEye/search-azure-groups.png)
+3. Go to **Groups** → **All groups**
+4. Either select an existing group or click **New group** to create one
+5. If creating a new group:
+   * Follow this [guide](https://learn.microsoft.com/en-us/entra/fundamentals/how-to-manage-groups) to create and configure a new group
+   * Select **Security** as the Group type if you want to add other groups as members (nesting), otherwise select **Microsoft 365**
+6. Copy the **Group name** (you will need this for configuration later)
diff --git a/content/docs/EagleEye/step-2-app-registrations.mdx b/content/docs/EagleEye/step-2-app-registrations.mdx
@@ -0,0 +1,135 @@
+---
+seo:
+   title: SSW EagleEye - Step 2 App Registrations
+   description: >-
+      Create and configure the three Azure App Registrations required for SSW
+      EagleEye, including client secrets, Microsoft Graph permissions, API
+      scopes, and secure portal access control.
+title: Step 2 - App Registrations
+date: '2025-12-29T13:00:00.000Z'
+---
+
+<Youtube thumbnail="https://img.youtube.com/vi/xG_zjvTjR58/maxresdefault.jpg" size="medium" externalVideoLink="https://www.youtube.com/embed/xG_zjvTjR58?start=300" />
+
+> Tip: Jump to 5:00 for App Registrations
+
+You need **3 Azure App Registrations** for EagleEye:
+
+1. **Engine App** - `SSW.EagleEye.Engine`
+2. **API App** - `SSW.EagleEye.Api`
+3. **Portal App** - `SSW.EagleEye.Portal`
+
+> **Tip:** Create one app and its client secret at a time to avoid confusion. \
+> \
+> By the end of this section, you should have 3 client secrets and 1 API scope URL ready for your EagleEye deployment.
+
+### Step 2.1 - Create Each App Registration
+
+For each of the 3 apps:
+
+1. Go to **Azure Portal** → **App registrations** → **New registration**
+   ![App Registration Search](/EagleEye/App-Registration-Search.png)
+2. Enter the app name (e.g., `SSW.EagleEye.Engine`)
+3. Set **Supported account types** to: **Accounts in this organizational directory only**
+4. Click **Register**
+   ![Engine App](/EagleEye/Engine-App.png)
+
+### Step 2.2 - Create a Client Secret
+
+Repeat these steps for each app:
+
+1. Go to **Certificates & secrets**
+2. Click **New client secret**
+3. Add a description (e.g., `Engine Secret`, `API Secret`, `Portal Secret`)
+4. Select an expiry period → **Add**
+   ![Create Client Secret](/EagleEye/Create-Client-Secret.png)
+5. **Copy the secret value immediately** (you will need this later; it will never be shown again)
+   ![Copy Client Secret](/EagleEye/Copy-secret-value.png)
+
+> **Warning:** After deployment, remove the secret value from any temporary notes (clipboard, notepad, etc.).
+> \
+> Do not delete the secret from Azure
+
+> Remember to repeat **Steps 2.1 & 2.2** for all 3 app registrations
+
+## Step 2.3 - App-Specific Configuration
+
+These are the only extra settings required for each app registration.
+
+### Step 2.3.1 - Engine App - Configure API Permissions
+
+**App:** `SSW.EagleEye.Engine`
+
+1. Go to **App registrations** → **All applications** → search for `SSW.EagleEye.Engine`
+   ![Search Existing App](/EagleEye/Search-existing-app.png)
+2. Go to **Manage** → **API permissions** → **Add a permission**
+3. Select **Microsoft Graph** → **Application permissions** (Important: select Application permissions - not Delegated).
+4. Add:
+   * `GroupMember.Read.All`
+   * `Mail.Read`
+   * `User.Read.All`
+   * `Domain.Read.All`
+5. Click **Add permissions**
+6. Click **Grant admin consent**
+   ![App Api Permissions](/EagleEye/Engine-Api-Permissions.png)
+
+### Step 2.3.2 - API App - Expose a Scope
+
+**App:** `SSW.EagleEye.Api`
+
+This exposes the API so the Portal can call it.
+
+1. Go to **App registrations** → **All applications** → search for `SSW.EagleEye.Api`
+2. Go to **Expose an API** → **Add a scope**
+3. Accept the default Application ID URI (or customise) → **Save and continue**
+   ![Expose a scope](/EagleEye/Expose-scope.png)
+4. Configure the scope:
+   * **Scope name:** `access_as_user`
+   * **Who Can Consent:** *Admins and users*
+   * **Admin consent display name:** `Access SSW EagleEye as user`
+   * **Admin consent description:** `Allow the application to access SSW EagleEye on behalf of the signed-in user`
+5. Click **Add scope**
+   ![Add Scope](/EagleEye/Add-scope.png)
+6. **Copy the full scope URL** (e.g., `api://xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/access_as_user`)
+
+You will need this during deployment.
+
+### Step 2.3.3 - Portal App - Configure API Permission
+
+**App:** `SSW.EagleEye.Portal`
+
+This allows the Portal web app to call the API.
+
+1. Go to **App registrations** → **All applications** → search for `SSW.EagleEye.Portal`
+2. Go to **API permissions** → **Add a permission**
+3. Select **APIs my organization uses** → choose **SSW.EagleEye.Api**
+   ![Select My APIs](/EagleEye/Api-permission.png)
+4. Select **Delegated permissions** → `access_as_user`
+5. Click **Add permissions**
+   ![Add Permissions](/EagleEye/Request-permission.png)
+6. Click **Grant admin consent**
+   ![Grant Admin Consent](/EagleEye/grant-admin-consent.png)
+
+## Control Who Can Sign In to Your EagleEye Portal
+
+You can choose exactly which users or groups are allowed to access your EagleEye Portal.\
+By default, Azure lets *any* user in your tenant sign in - so it’s important to lock this down.
+
+### Step 2.4 - Secure the Portal App
+
+1. In the Azure Portal, search for **Enterprise applications**
+2. Select your **SSW\.EagleEye.Portal** enterprise app
+3. In the left menu, go to **Manage → Properties**
+4. Set **Assignment required** to **Yes**
+   * This ensures **only the users or groups you assign** can sign in.
+   * If this is set to **No**, *any* user in your tenant will be able to access your EagleEye portal.
+5. Click **Save**
+   ![Portal Enterprise app](/EagleEye/Portal-enterprise-app.png)
+
+### Step 2.5 - Assign Users/Groups to the Portal App
+
+1. In the same **SSW\.EagleEye.Portal** enterprise app, go to **Manage → Users and groups**
+2. Click **Add user/group**
+3. Select the users or groups you want to give access to.
+4. Click **Assign**
+   ![Portal assign users](/EagleEye/Portal-assign-users.png)