How to Onboard Microsoft Azure Account
Log in to the CloudSecOps portal using your credentials.
Once you have successfully logged in for the first time, you will see only the "Environment" page under Global Tenant Setting (please refer to the screenshot below).
You will be able to see all of the pages once you add any AWS or Azure account.
Now, click the marked option to link your Microsoft Azure account.
Input the necessary credentials for the Microsoft Azure account:
Client ID
Client secret key
Subscription ID
Tenant ID
Then verify, and click Next to input other information.
You will then have the option to add Account and Organization details. Once the account is connected, the scan will start automatically.
Step 1: Create an App Registration
Go to Azure Active Directory > App registrations > New registration
Step 2: Give API permissions to App Registration
1. Search for all the permissions listed below and add them to the created app.
Application.Read.All
AuditLog.Read.All
Directory.Read.All
Domain.Read.All
Group.Read.All
IdentityProvider.Read.All
Policy.Read.All
User.Read.All
Reports.Read.All
2. Grant admin consent for the default directory.
Step 3: Attach a custom-built role with the role definition below to the app for the Subscription
Go to Subscription > Access control (IAM) > Add > Add role assignment, then add the custom-built role and assign it to the app.
Step 4: Create a client secret for the App
Go to App registrations, select your app, and click Certificates & secrets > New client secret.
Step 5: Copy Required Credentials
1. Copy Client ID and Tenant ID
Go to Azure Active Directory > App registrations. Then click on the application.
2. Copy Client Secret
Go to Azure Active Directory > App registrations > Certificates & secrets. Then copy the Client Secret.
3. Copy the Subscription ID
Go to Subscriptions. Copy the Subscription ID.
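Before handing the credentials to the portal, it is worth confirming that the app holds exactly the nine permissions from Step 2 and nothing write-capable. The following is an added example, not part of the CloudSecOps documentation: it assumes you have exported two JSON arrays from Microsoft Graph (the appRoles of the Microsoft Graph service principal and the appRoleAssignments of your app's service principal). The function name, sample data and GUIDs are constructed for illustration.

```python
# Added example: least-privilege check for the Step 2 permissions.
# Function and sample names are hypothetical; GUIDs are constructed placeholders.

# The nine Microsoft Graph permissions listed in Step 2 of this page.
EXPECTED = frozenset({
    "Application.Read.All", "AuditLog.Read.All", "Directory.Read.All",
    "Domain.Read.All", "Group.Read.All", "IdentityProvider.Read.All",
    "Policy.Read.All", "User.Read.All", "Reports.Read.All",
})

def audit_graph_roles(graph_app_roles, assignments):
    """Resolve granted appRoleId values to names and compare with EXPECTED.

    graph_app_roles: appRoles of the Microsoft Graph service principal
                     (dicts with "id" and "value").
    assignments:     appRoleAssignments of the app's service principal
                     (dicts with "appRoleId").
    """
    names = {r["id"]: r["value"] for r in graph_app_roles}
    granted, unresolved = set(), []
    for a in assignments:
        rid = a["appRoleId"]
        if rid in names:
            granted.add(names[rid])
        else:
            unresolved.append(rid)  # cannot prove it is harmless: fail closed
    extra = granted - EXPECTED
    return {
        "missing": sorted(EXPECTED - granted),
        "unexpected": sorted(extra),
        # Names with no plain "Read" segment (e.g. ReadWrite) are not read-only.
        "not_read_only": sorted(p for p in extra if "Read" not in p.split(".")),
        "unresolved_ids": unresolved,
        "ok": granted == EXPECTED and not unresolved,
    }

def placeholder_id(n):
    return f"00000000-0000-0000-0000-{n:012d}"  # constructed placeholder GUID

# Constructed sample data (not real Graph appRole ids).
SAMPLE_NAMES = sorted(EXPECTED) + ["Directory.ReadWrite.All", "Mail.Read"]
SAMPLE_GRAPH_APP_ROLES = [{"id": placeholder_id(i), "value": v}
                          for i, v in enumerate(SAMPLE_NAMES)]
# Reports.Read.All (index 7) not consented; one write role and one unknown id granted.
SAMPLE_ASSIGNMENTS = [{"appRoleId": placeholder_id(i)}
                      for i in (0, 1, 2, 3, 4, 5, 6, 8, 9, 99)]

if __name__ == "__main__":
    for key, value in audit_graph_roles(SAMPLE_GRAPH_APP_ROLES, SAMPLE_ASSIGNMENTS).items():
        print(f"{key}: {value}")
```

A result with "ok" set to False means the app registration differs from Step 2 and should be corrected before the first scan.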