Prerequisites
User Who will be proceeding with addition of app registration and allocation of role to app must have below permission attached.
Microsoft Entra ID level Access:
Global Administrator
Subscription level Access (Role attached to User) :
- Owner( Allow user to assign all roles (highly privileged) )
Step 1:
Log in to Cloud Security portal using the link received in email from us to complete the registration process and login.
Once you successfully logged in for the first time. You will be able to see the "Onboard Accounts" page only under Global Tenant Setting (please refer to the screenshot below).
Step 2:
You will be able to see all of the pages once you add an Azure account.
Step 3:
Click the Microsoft Azure account Icon in the above screenshot to start the onboarding process.
Step 4:
Select “Single Subscription” Icon and click on Next button in the above screenshot to continue the onboarding process for a single account.
Step 5:
Provide the account name and labels and click on next in the above screenshot.
Step 6:
Choose the business unit or create a new and click on next button to continue the onboarding process from above screenshot
Step 7:
Select the
Detection Permissions
Detection: Read-Only
Detection and Enforcement In-network
and click on Next on above screenshot to continue
Step 8:
Enter Subscription ID for your Azure account, that you want to onboard and click on Generate Script on above screenshot
This Subscription ID will be used to generate a bash script, which will be further used to obtain you account credentials for next steps .
Step 9:
Download both the files in the screenshot
Login and Open your Azure Cloud Console
Click on Cloud Shell Icon and Cloud Shell Editor will be opened at the bottom of your screen
Select Bash options from Cloud Shell Editor.
Click on the Manage files options of Cloud Shell Editor and select on upload button and upload both files downloaded above.
Type the following command in the terminal below to login to the terminal.
az login
You might be logged in previously to the terminal, we still recommend completing the instructions below as Bash terminal by default does not enable MSI.
Follow the instructions in the terminal, to complete the sign-in process. (sign-in link will be provided in terminal, click the link to sign-in)
Give execution permission to onboarding shell script file using below command
chmod +x cd_cloudshield_onboarding.sh
Run the following command into the terminal to execute the bash file saved in your editor.
./cd_cloudshield_onboarding.s
Step 10:
Please copy above configuration values and paste it on Below page and click on verify keys of to continue Onboarding
Once it is verified click on Connect Subscription.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article