Onboarding Azure Subscriptions

Azure, a collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®, offers infrastructure, platform, and software as services for cloud-based data management and applications (virtual machines, storage accounts, virtual networks, web apps, databases, or database servers).

To identify misconfiguration and compliance risks in Azure resources, you can onboard your Azure subscription to CloudGuard.

General Workflow

To successfully onboard Azure, you must:

  • Align with the Azure prerequisites

  • Log in to the CloudGuard portal and complete the CloudGuard onboarding wizard

    • Select a mode: Read-only or Manage

    • Log in to Azure

    • Create a new app registration for CloudGuard

    • Copy the App ID to CloudGuard

    • Create a secret for CloudGuard

    • Copy the Tenant ID to CloudGuard

    • Copy the Subscription ID to CloudGuard

    • Create IAM roles for CloudGuard

    • Set the CloudGuard Display Name

    • Select a CloudGuard Organizational Unit for the Azure account

  • Troubleshoot to remove initial errors

Azure Account Management Modes

There are two ways to manage your Azure account in CloudGuard.

  • Read-Only - In this mode, you can view details of your Azure subscription in CloudGuard, run compliance tests on it, and receive alerts, notifications, and reports of activities and changes to cloud entities, but you cannot actively manage those entities from CloudGuard.

  • Manage - In this mode, you have all the capabilities of Read-Only mode but, in addition, you can use CloudGuard to actively manage your Network Security Groups.
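A least-privilege check for the app registration created during onboarding, as an added example that is not part of the CloudGuard documentation: it audits role assignments, in the shape returned by `az role assignment list --assignee <App ID> --all --output json`, against the selected mode. The role-to-mode mapping (Reader for Read-only, plus Network Contributor for Manage), the subscription ID, and the sample assignments are assumptions constructed for illustration.

```python
import json

# Assumption (not stated on the page): Read-only mode maps to the built-in
# Reader role; Manage mode adds Network Contributor for NSG management.
ALLOWED_ROLES = {
    "read-only": {"Reader"},
    "manage": {"Reader", "Network Contributor"},
}

# Constructed sample in the shape of `az role assignment list` JSON output.
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000001"  # constructed
SAMPLE = json.loads("""[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"roleDefinitionName": "Network Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-constructed"},
  {"roleDefinitionName": "Reader",
   "scope": "/providers/Microsoft.Management/managementGroups/mg-constructed"}
]""")


def audit_assignments(assignments, mode, subscription_id):
    """Return (finding, role, scope) tuples for grants the mode does not justify."""
    allowed = ALLOWED_ROLES[mode]
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    findings, held = [], set()
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        s = scope.lower()  # Azure scopes are case-insensitive
        if s != sub_scope and not s.startswith(sub_scope + "/"):
            # Granted above or outside the onboarded subscription.
            findings.append(("out-of-scope", role, scope))
        elif role not in allowed:
            findings.append(("excess-role", role, scope))
        elif s == sub_scope:
            held.add(role)
    # Roles the mode expects at subscription scope but that are absent.
    findings += [("missing-role", r, sub_scope) for r in sorted(allowed - held)]
    return findings


if __name__ == "__main__":
    for mode in ("read-only", "manage"):
        print(mode, audit_assignments(SAMPLE, mode, SUBSCRIPTION_ID))
```

Running the same audit after switching an account between modes shows which grants should be added or removed in Azure IAM.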