How to connect an Azure tenant


Overview

This document explains how to connect Azure tenants to Cloud Entitlements. When you connect an Azure tenant, Microsoft 365 and Active Directory are also integrated if they are linked to your Microsoft account.

To connect an Azure tenant, certain requirements must be met on the Azure platform. An automated script sets them up. The script performs the following tasks:

  • Create Azure AD App Registrations
  • Delete Azure AD App Registrations
  • Assign Microsoft Graph API permissions
  • Generate client secrets
  • Grant admin consent
  • Assign RBAC roles at subscription level

Info

It's not possible to use different application registrations that belong to the same tenant, as this would cause duplication.

Prerequisites

  • Script that automates obtaining the necessary requirements. See Connect an Azure tenant to learn how to get the script.

Connect an Azure tenant

To connect an Azure tenant to Cloud Entitlements, follow these steps:

  1. Access Cloud Security.
  2. Access the Cloud Entitlements product.
  3. In the Cloud Entitlements menu, click Setup > Microsoft Azure.
  4. Click + Connect.
  5. Select the integration mode.
  6. Download the script, meet the prerequisites, and run it.
  7. In the Name * field, enter a name for your account.
  8. In the Tenant ID * field, enter the tenant ID.
  9. In the Secret value * field, enter the client secret value.
    Info

    The secret value won’t be visible after connecting with the tenant.

  10. In the Application ID * field, enter the application ID.
  11. (Optional): In the Tags field, enter tags for the account. Separate each tag by pressing the Enter key.
  12. Click the Save button.

Upon successful connection, your Azure tenant will appear in the list of connected accounts. If the connection fails, review the API permissions, the role, and the client secret. You can't use the secret of a tenant that is already connected to Cloud Entitlements.
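
The following is an added example, not part of the product or of the vendor's script: a pre-flight check for the three items to review after a failed connection. It assumes you have saved the JSON output of `az ad app show --id <application-id>` and `az role assignment list --assignee <application-id> --all`; the function name `preflight` and the sample data are hypothetical, and the check does not know which specific permissions or role the product requires.

```python
import re
from datetime import datetime, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph's well-known appId
SUBSCRIPTION_SCOPE = re.compile(r"^/subscriptions/[^/]+/?$")

def _expiry(cred):
    # Graph timestamps are UTC; drop fractional seconds and the trailing "Z".
    stamp = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
    return stamp.replace(tzinfo=timezone.utc)

def preflight(app, role_assignments, now=None):
    """app: parsed `az ad app show` JSON; role_assignments: parsed
    `az role assignment list --all` JSON. Returns a list of findings."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # Client secret: at least one credential must still be valid.
    creds = app.get("passwordCredentials") or []
    if not creds:
        findings.append("secret: app registration has no client secret")
    elif all(_expiry(c) <= now for c in creds):
        findings.append("secret: every client secret has expired")
    # API permissions: only what is declared; admin consent is not visible here.
    graph = [p for r in app.get("requiredResourceAccess") or []
             if r.get("resourceAppId") == GRAPH_APP_ID
             for p in r.get("resourceAccess") or []]
    if not graph:
        findings.append("permissions: no Microsoft Graph permissions declared")
    # Role: the script assigns RBAC roles at subscription level.
    if not any(SUBSCRIPTION_SCOPE.match(a.get("scope", "")) for a in role_assignments):
        findings.append("role: no assignment scoped to a subscription")
    return findings

# Constructed sample data (placeholder GUIDs, not from a real tenant).
SAMPLE_APP = {
    "appId": "11111111-1111-1111-1111-111111111111",
    "passwordCredentials": [{"displayName": "old", "endDateTime": "2020-01-01T00:00:00Z"}],
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [{"id": "22222222-2222-2222-2222-222222222222", "type": "Role"}]}],
}
SAMPLE_ROLES = [{"roleDefinitionName": "Reader",
    "scope": "/subscriptions/33333333-3333-3333-3333-333333333333/resourceGroups/rg1"}]

if __name__ == "__main__":
    for finding in preflight(SAMPLE_APP, SAMPLE_ROLES):
        print(finding)
```

An empty result means the secret, declared Graph permissions, and subscription-level role all look present; admin consent still has to be confirmed separately.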

To make any necessary changes, click Action > Edit. Additionally, you can activate or deactivate the account by toggling the Status button.