Discover Azure Accounts
Cloud discovery in Tenable Cloud Security supports onboarding single and multiple Azure subscriptions. To onboard an Azure tenant, provide the role details of the Azure tenant-level credentials and Tenable Cloud Security automatically discovers the subscriptions in that tenant. After Tenable Cloud Security discovers the subscriptions, you must configure them by providing the credentials before you can run a cloud scan for detecting misconfigurations in the cloud account. To onboard Azure subscriptions, perform the following tasks:
Before you begin:
- Create an Azure service principal role with read access to the Azure subscriptions you are onboarding. For more information, see Create an Azure Service Principal Role.
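One way to confirm that the service principal holds read access and nothing broader before you enter its credentials. This is an added example, not Tenable's code. It assumes "read access" means the built-in Reader role, uses a hypothetical helper name (`audit_assignments`), and runs on constructed sample data in the shape of `az role assignment list --assignee <client-id> --all -o json`.

```python
import json

# Assumption: "read access" means the built-in Reader role; adjust the set if
# your onboarding guide names a different read-only role.
READ_ONLY_ROLES = {"Reader"}
MG_PREFIX = "/providers/microsoft.management/managementgroups/"

# Constructed sample (IDs are made up), shaped like the JSON printed by
# `az role assignment list --assignee <client-id> --all -o json`.
SAMPLE_ASSIGNMENTS = json.dumps([
    {"roleDefinitionName": "Reader",
     "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
    {"roleDefinitionName": "Contributor",
     "scope": "/subscriptions/22222222-2222-2222-2222-222222222222"},
    {"roleDefinitionName": "Reader",
     "scope": "/subscriptions/33333333-3333-3333-3333-333333333333/resourceGroups/rg-app"},
])


def audit_assignments(raw_json, subscription_ids):
    """Check a service principal's role assignments before onboarding.

    Returns a dict with:
      excess      - (role, scope) pairs that grant more than read access
      covered     - subscriptions with a read-only role at subscription scope
      uncovered   - subscriptions to onboard that have no such assignment
      mgmt_groups - management-group scopes with a read-only role (inherited by
                    child subscriptions; group membership is not resolved here)
    """
    wanted = {s.lower() for s in subscription_ids}
    excess, covered, mgmt_groups = [], set(), []
    for item in json.loads(raw_json):
        role = item.get("roleDefinitionName", "")
        scope = item.get("scope", "").rstrip("/")
        if role not in READ_ONLY_ROLES:
            excess.append((role, scope))
        elif scope.lower().startswith(MG_PREFIX):
            mgmt_groups.append(scope)
        else:
            parts = scope.lower().split("/")
            # Only /subscriptions/<id> itself covers the whole subscription;
            # a resource-group scope leaves the rest of it unreadable.
            if len(parts) == 3 and parts[1] == "subscriptions" and parts[2] in wanted:
                covered.add(parts[2])
    return {"excess": excess, "covered": sorted(covered),
            "uncovered": sorted(wanted - covered), "mgmt_groups": mgmt_groups}
```

An empty `excess` list and an empty `uncovered` list mean the principal can read every subscription you plan to onboard and holds no write-capable role on them.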
To discover Azure subscriptions:
- Click Projects and Connections.
- Click Cloud Accounts.
  The list of all onboarded cloud accounts appears.
- Click Discover accounts > Azure.
  The Configure Azure Service Principals or Root Management Group(s) window appears.
- Discover a single or multiple Azure subscriptions.
  - In the Subscription type toggle, select one of the following:
    - Single for onboarding a single subscription.
    - Multiple for onboarding multiple subscriptions in a tenant.
  - Provide the following details of the service principal or root management group:
    - Client ID — Application ID of your subscription.
    - Secret Key — Value of the secret key for authentication of the service principal or root management group.
    - Tenant ID — Directory (tenant) ID of the service principal or root management group.
    - Subscription ID — Subscription ID of the service principal or root management group.
      Note: The subscription ID is optional for Multiple subscription type.
  - (Optional) Click to add more subscriptions.
  - Click Discover.
    For multiple subscription type, Tenable Cloud Security discovers all subscriptions under the tenant with the status as Discovered.
    Note: For multiple subscription type, Tenable Cloud Security schedules discovery every 24 hours and automatically discovers any new subscriptions in the tenant. All subscriptions discovered in the last 7 days show the label until they are configured or ignored.
- Configure the discovered subscriptions before you can run a cloud scan to assess the resources in the subscription for misconfigurations. To configure an Azure subscription, provide the client ID, secret key, and tenant ID, and assign the subscription to a project.
  To configure Azure subscriptions:
  - Click > Configure in the row for the subscription you want to configure.
    The Configure Azure Account window appears.
  - Type the Client ID, Secret Key, and Tenant ID for the subscription, if required.
  - Click Next.
  - In the Assign a Project or Create a New Project section, do one of the following:
    - Select a project from the list of Azure projects.
      You can search for a project in the Search projects box.
    - Click New Project to create a new Azure project.
      - Type a Project name for your new project.
      - Select Azure for the provider.
      - Click Create New Project.
        Tenable Cloud Security creates the new project and automatically selects it for onboarding the Azure subscription.
  - Click Save.
    The Cloud Accounts page appears and shows the project assigned to the subscription.
  - Repeat these steps for all the discovered subscriptions you want to configure.
What to do next:
- Go to the Projects tab and run a cloud scan for the project. For more information, see Run a Cloud Scan.