Skip to main content
Skip table of contents

Getting started with DCS for Azure

Delphix Compliance Services (DCS) for Azure presents a targeted and effective solution for safeguarding sensitive data within the Azure ecosystem. By seamlessly integrating with Azure services, DCS enables organizations to apply data masking directly within their Azure environments. This ensures that data privacy and compliance standards are upheld, without sacrificing the data's utility and accessibility.

Utilizing in-place masking technology, DCS ensures that the integrity and structure of Azure data is maintained, while replacing sensitive information with realistic, anonymized data. With DCS for Azure, organizations can confidently safeguard sensitive data to ensure compliance with data protection regulations – all while maintaining the functionality and reliability of their Azure applications.

A brief overview of the key features of DCS for Azure includes:

  • Secure integration
    Establishes a secure and efficient integration with Azure services, ensuring safe data processing.

  • Customizable masking rules
    Provides a variety of predefined and customizable algorithms, allowing for the masking process to be adapted to meet specific data sensitivities.

  • User-friendly interface
    Features an intuitive interface that simplifies the data masking workflow, enabling users to effectively configure and oversee masking operations.


  • An Azure subscription

  • An Azure Data Factory (ADF) instance

  • A Delphix Compliance Services account


To begin, navigate to the Azure portal and then Azure Active Directory. Get the Primary domain from the Azure Active Directory Overview page, which will be needed later.

Click App registrations on the left side pane under Active Directory.

Click New registration to register a new app.

Provide a name and click the Register button.

Once the application is created, get the Application (client) ID and Directory (tenant) ID, which will be needed later.

Expose an API

Click Add an Application ID URI within the app overview page. 

Click Set to add an Application ID URI.

Set the App ID URI using the following format, with the primary domain and client ID from before, then save. https://<primaryDomain>/<clientId>

Click Add a scope and provide the details.

Click Add a client application. Paste the client ID captured earlier and add the application. 

Add a secret

Click Certificates & secrets on the left side pane.

Click New client secret under the Client secrets tab. Provide a description and expiration period for the secret, then click add. 

Save the value of the secret in a secure place, as it will be needed to authenticate with Delphix Compliance Services in ADF execution. The value can be saved in Azure Key Vault for security. 

Register AD tenant with DCS

Login to the Delphix Compliance Services website ( with your credentials.

Click Azure SPN at the top, then Add SPN.

Provide a name and description, along with the client and tenant ID from earlier, then click Add SPN.

The SPN is unique across a DCS account, thus, it is important not to reuse any existing SPN. The entry will appear in the list once added successfully. 

This completes the onboarding of an Azure tenant to Delphix Compliance Services that is now ready to be used with Azure Data Factory. 

Add AD secret in Azure Key Vault (optional) 

If a plain secret value was being used during the ADF linked service creation for DCS, this option is not needed.

In Azure portal, search for Key Vault. Click + Create to create new or use the existing key vault. 

Once the key vault is created, navigate to Secrets > Generate/Import to add a secret. 

For the Upload options, select Manual. Provide a Name and paste the Secret value string, then click Create.

Grant ADF access to read key vault secret 

Once created, retrieve the application ID of the Azure Data Factory from Properties > Managed Identify Application ID.

Click the vault, then Access Policies > + Create

In the first step, check Get and List under the Secret permissions list. 

In the second step, enter the ADF application ID into the search box and select the corresponding result.

Lastly, review the policy details and create it.

During the linked service creation for Delphix Compliance Services in ADF, reference the secret for Azure Key Vault created earlier.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.