# How to Onboard Microsoft Azure Account

Log in to the CloudSecOps portal using your credentials.

<figure><img src="https://lh3.googleusercontent.com/za0Gphb17Zsp01BloXAXB_PIsIQfZ3oJbqpi2v1M9o8ZoiQN4lgu4OD0qzibwg9zguLga-CIzoVjcyEYl-dXGirI-Ua1XC8lIVlk5N5cuMB3FpP5z-pRc0Pc052JEB5KNBl4QT2gY4fLY1SnCGlEIDw" alt=""><figcaption></figcaption></figure>

Once you have successfully logged in for the first time, you will see only the "Environment" page under Global Tenant Setting (please refer to the screenshot below).

You will be able to see all of the pages once you add any AWS or Azure account.

Now click the marked option to link your Microsoft Azure account.

<figure><img src="https://lh3.googleusercontent.com/kgr3Nl8HjGjOux7Ntdg1kVf4z5gFj8AS8KBA3xM4tZhMPsrWWYUJkLDjHJAC9GmsPjXPrQzJ8AwcCS2lDAxpT73V4vKK19NaPqgfT0aHC0_G_OJh40t0Dgwmx4U4qSzZlLxBe2FqmHwiwBw1UlGCFNzSPI3JQV-H0h-jgT9zVyHJQr1QXtoC4qwwimoVMQ" alt=""><figcaption></figcaption></figure>

Enter the following credentials:

1. Microsoft Azure account Client ID
2. Client secret key
3. Subscription ID
4. Tenant ID

Then verify them, and click Next to enter the remaining information.

<figure><img src="https://lh6.googleusercontent.com/HAyCVPybBNucybwK9QnoCPZWvedurL8ibSx7HIRZh3eaWPNJ5T0guNy89fGx40Nc9O4qPTZFepXQRP4VklspTelcy6lEUY5oQKLjb9vTJ0HDnWPn3dhp_A95SAvrZUcoJazda2GzzM3wNYy74Wt3K3s" alt=""><figcaption></figcaption></figure>

You will then have the option to add Account and Organization details. Once the account is connected, the scan starts automatically.

### Step 1: Create an App Registration

Go to **Azure Active Directory > App registrations > New registration**

<figure><img src="/files/rrSjYxfHkJI6NOnczd49" alt=""><figcaption></figcaption></figure>

### Step 2: Give API permissions to App Registration

#### 1. Search for all the permissions listed below and add them to the created app.

* Application.Read.All
* AuditLog.Read.All
* Directory.Read.All
* Domain.Read.All
* Group.Read.All
* IdentityProvider.Read.All
* Policy.Read.All
* User.Read.All
* Reports.Read.All

#### 2. Grant admin consent for the default directory.

<figure><img src="/files/1088HCIg1mdBiGwCNbEL" alt=""><figcaption></figcaption></figure>

### Step 3: **Attach a custom-built role with the role definition below to the app for the subscription**

Go to **Subscription > Access control (IAM) > Add > Add role assignment**, then add the custom-built role and assign it to the app.

```
{
    "properties": {
        "roleName": "ReadOnlyCustomRole",
        "description": "A custom role to view all resources, but does not allow you to make any changes in the infrastructure.",
        "assignableScopes": [
            "/subscriptions/{subscriptionId}"
        ],
        "permissions": [
            {
                "actions": [
                    "*/read",
                    "Microsoft.KeyVault/checkNameAvailability/read",
                    "Microsoft.KeyVault/deletedVaults/read",
                    "Microsoft.KeyVault/locations/*/read",
                    "Microsoft.KeyVault/vaults/*/read",
                    "Microsoft.KeyVault/operations/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
```
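
Before assigning the role, it is worth checking mechanically that the definition really is read-only and scoped to one subscription. The following is an added example, not CloudSecOps code: `audit_role` and `constructed_bad_role` are hypothetical helper names, and the "bad" role is a constructed variant used only to show what the check reports.

```python
from copy import deepcopy
from fnmatch import fnmatchcase

# Role definition from this page, with the {subscriptionId} placeholder kept.
PAGE_ROLE = {"properties": {
    "roleName": "ReadOnlyCustomRole",
    "assignableScopes": ["/subscriptions/{subscriptionId}"],
    "permissions": [{
        "actions": ["*/read",
                    "Microsoft.KeyVault/checkNameAvailability/read",
                    "Microsoft.KeyVault/deletedVaults/read",
                    "Microsoft.KeyVault/locations/*/read",
                    "Microsoft.KeyVault/vaults/*/read",
                    "Microsoft.KeyVault/operations/read"],
        "notActions": [], "dataActions": [], "notDataActions": []}]}}

def audit_role(role):
    """Return (findings, redundant): violations of read-only intent, and covered actions."""
    props = role["properties"]
    findings, redundant = [], []
    for scope in props.get("assignableScopes", []):
        # Root "/" or a management group scope is wider than one subscription.
        if not scope.lower().startswith("/subscriptions/"):
            findings.append(f"scope wider than a subscription: {scope}")
    for perm in props.get("permissions", []):
        # Azure action names are case-insensitive, so compare in lower case.
        actions = [a.lower() for a in perm.get("actions", [])]
        for a in actions:
            if not a.endswith("/read"):
                findings.append(f"non-read action: {a}")
            elif any(b != a and fnmatchcase(a, b) for b in actions):
                redundant.append(a)  # already granted by a broader wildcard
        for d in perm.get("dataActions", []):
            findings.append(f"data-plane access: {d}")
    return findings, redundant

def constructed_bad_role():
    """Constructed variant of the page's role with three deliberate violations."""
    bad = deepcopy(PAGE_ROLE)
    bad["properties"]["assignableScopes"] = ["/"]
    perm = bad["properties"]["permissions"][0]
    perm["actions"].append("Microsoft.Storage/storageAccounts/listKeys/action")
    perm["dataActions"].append("Microsoft.KeyVault/vaults/secrets/getSecret/action")
    return bad

if __name__ == "__main__":
    for name, role in (("page", PAGE_ROLE), ("constructed", constructed_bad_role())):
        findings, redundant = audit_role(role)
        print(name, "| findings:", findings, "| redundant:", redundant)
```

For the page's role the check reports no findings. It lists the five `Microsoft.KeyVault` entries as redundant because `*/read` already grants them, and the empty `dataActions` list means the role gives no data-plane access.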

### Step 4: Create a client secret for the App

Go to **App registration**, select your app, and click **Certificates & secrets > New client secret**.

<figure><img src="/files/MmhDPLxqV7QrTeAh8xQR" alt=""><figcaption></figcaption></figure>

### Step 5: Copy Required Credentials

#### 1. Copy Client ID and Tenant ID

Go to **Azure Active Directory > App registrations**. Then click on the **application**.

<figure><img src="/files/dqhWtkm9sB3kHn5oDMMh" alt=""><figcaption></figcaption></figure>

#### 2. Copy Client Secret

Go to **Azure Active Directory > App registrations > Certificates & secrets**. Then copy the Client Secret.

<figure><img src="/files/KFuKVTTRu0kBm96fzeBW" alt=""><figcaption></figcaption></figure>

#### 3. Copy the Subscription ID

Go to **Subscriptions**. Copy the **Subscription ID**.

<figure><img src="/files/rHFhHpdlU78S0Dw0Ya2k" alt=""><figcaption></figcaption></figure>
