
# How to Onboard Microsoft Azure Account

Log in to the CloudSecOps portal using your credentials.

<figure><img src="https://lh3.googleusercontent.com/za0Gphb17Zsp01BloXAXB_PIsIQfZ3oJbqpi2v1M9o8ZoiQN4lgu4OD0qzibwg9zguLga-CIzoVjcyEYl-dXGirI-Ua1XC8lIVlk5N5cuMB3FpP5z-pRc0Pc052JEB5KNBl4QT2gY4fLY1SnCGlEIDw" alt=""><figcaption></figcaption></figure>

Once you have successfully logged in for the first time, you will see only the "Environment" page under Global Tenant Setting (please refer to the screenshot below).

You will be able to see all of the pages once you add any AWS or Azure account.

Now, hit the marked option to link your Microsoft Azure account.

<figure><img src="https://lh3.googleusercontent.com/kgr3Nl8HjGjOux7Ntdg1kVf4z5gFj8AS8KBA3xM4tZhMPsrWWYUJkLDjHJAC9GmsPjXPrQzJ8AwcCS2lDAxpT73V4vKK19NaPqgfT0aHC0_G_OJh40t0Dgwmx4U4qSzZlLxBe2FqmHwiwBw1UlGCFNzSPI3JQV-H0h-jgT9zVyHJQr1QXtoC4qwwimoVMQ" alt=""><figcaption></figcaption></figure>

Input the necessary credentials:

1. Microsoft Azure account Client ID
2. Client secret key
3. Subscription ID
4. Tenant ID

Then verify, and click next to input the other information.

<figure><img src="https://lh6.googleusercontent.com/HAyCVPybBNucybwK9QnoCPZWvedurL8ibSx7HIRZh3eaWPNJ5T0guNy89fGx40Nc9O4qPTZFepXQRP4VklspTelcy6lEUY5oQKLjb9vTJ0HDnWPn3dhp_A95SAvrZUcoJazda2GzzM3wNYy74Wt3K3s" alt=""><figcaption></figcaption></figure>

You will then have the option to add Account and Organization details. Once the account is connected, the scan starts automatically.

### Step 1: Create an App Registration

Go to **Azure Active Directory > App registrations > New registration**

<figure><img src="/files/rrSjYxfHkJI6NOnczd49" alt=""><figcaption></figcaption></figure>

### Step 2: Give API permissions to App Registration

#### 1. Search for each of the permissions listed below and add it to the created app.

* Application.Read.All
* AuditLog.Read.All
* Directory.Read.All
* Domain.Read.All
* Group.Read.All
* IdentityProvider.Read.All
* Policy.Read.All
* User.Read.All
* Reports.Read.All

#### 2. Grant admin consent for the default directory.

<figure><img src="/files/1088HCIg1mdBiGwCNbEL" alt=""><figcaption></figcaption></figure>

### Step 3: Attach a custom-built role with the role definition below to the app for the subscription

Go to **Subscription > Access control (IAM) > Add > Add role assignment**, then add the custom-built role and assign it to the app.

```
{
    "properties": {
        "roleName": "ReadOnlyCustomRole",
        "description": "A custom role to view all resources, but does not allow you to make any changes in the infrastructure.",
        "assignableScopes": [
            "/subscriptions/{subscriptionId}"
        ],
        "permissions": [
            {
                "actions": [
                    "*/read",
                    "Microsoft.KeyVault/checkNameAvailability/read",
                    "Microsoft.KeyVault/deletedVaults/read",
                    "Microsoft.KeyVault/locations/*/read",
                    "Microsoft.KeyVault/vaults/*/read",
                    "Microsoft.KeyVault/operations/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
```
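Before assigning this role to the app, it is worth checking that the definition grants only what it claims. The following is an added example, not part of the CloudSecOps product or its documentation: a small audit of the role definition above. The names `covers`, `audit_role` and `SUB_SCOPE` are hypothetical, and the subscription ID is a constructed placeholder standing in for `{subscriptionId}`.

```python
import json
import re

# Role definition from this page, compacted; the subscription ID is a constructed placeholder.
PAGE_ROLE = json.loads("""
{"properties": {
  "roleName": "ReadOnlyCustomRole",
  "assignableScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000"],
  "permissions": [{
    "actions": ["*/read",
      "Microsoft.KeyVault/checkNameAvailability/read",
      "Microsoft.KeyVault/deletedVaults/read",
      "Microsoft.KeyVault/locations/*/read",
      "Microsoft.KeyVault/vaults/*/read",
      "Microsoft.KeyVault/operations/read"],
    "notActions": [], "dataActions": [], "notDataActions": []}]}}
""")

# Assumption of this example: acceptable scopes are one subscription or a resource group in it.
SUB_SCOPE = re.compile(r"^/subscriptions/[0-9a-fA-F-]{36}(/resourceGroups/[^/]+)?$")

def covers(pattern, action):
    """True if an RBAC action pattern ('*' matches any characters) covers `action`."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def audit_role(role):
    """Return (findings, redundant): least-privilege violations and duplicate actions."""
    props = role["properties"]
    findings, redundant = [], []
    for scope in props["assignableScopes"]:
        if not SUB_SCOPE.match(scope):
            findings.append(f"scope wider than one subscription: {scope}")
    for perm in props["permissions"]:
        actions = perm.get("actions", [])
        for act in actions:
            if not act.lower().endswith("/read"):
                findings.append(f"non-read control-plane action: {act}")
            elif any(o != act and covers(o, act) for o in actions):
                redundant.append(act)
        for data_act in perm.get("dataActions", []):
            findings.append(f"data-plane access granted: {data_act}")
    return findings, redundant

if __name__ == "__main__":
    findings, redundant = audit_role(PAGE_ROLE)
    print("findings:", findings or "none")
    print("already covered by a broader pattern:", redundant)
```

Run against the role on this page, the audit reports no findings and lists the five `Microsoft.KeyVault` entries as already covered by `*/read`.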

### Step 4: Create a client secret for the App

Go to **App registration**, select your app, and click on **Certificates & secrets > New client secret**.

<figure><img src="/files/MmhDPLxqV7QrTeAh8xQR" alt=""><figcaption></figcaption></figure>

### Step 5: Copy Required Credentials

#### 1. Copy Client ID and Tenant ID

Go to **Azure Active Directory > App registrations**. Then click on the **application**.

<figure><img src="/files/dqhWtkm9sB3kHn5oDMMh" alt=""><figcaption></figcaption></figure>

#### 2. Copy Client Secret

Go to **Azure Active Directory > App registrations > Certificates & secrets**. Then copy the Client Secret.

<figure><img src="/files/KFuKVTTRu0kBm96fzeBW" alt=""><figcaption></figcaption></figure>

#### 3. Copy the Subscription ID

Go to **Subscriptions**. Copy the **Subscription ID**.

<figure><img src="/files/rHFhHpdlU78S0Dw0Ya2k" alt=""><figcaption></figcaption></figure>
