Onboard an Azure Account

In Tenable Cloud Security, you can connect your Microsoft Azure cloud account using a service principal. In Microsoft Azure, a service principal is an entity that requires access to the resources secured by a Microsoft Entra ID tenant.

Before you begin:

To connect an Azure subscription with a service principal:

  1. In the left navigation bar, click the Create new icon > Connection > Azure subscription.

  2. In the Choose a workflow to discover Azure subscriptions section, click Service principal (recommended).

  3. Click Continue.

  4. In the Discover Azure subscription(s) section, enter your Client ID, Secret value, and Tenant ID.

  5. Click Continue.

    Tenable Cloud Security connects to your Microsoft Azure account using the specified credentials, and displays the list of subscriptions.

  6. In the Choose Azure subscription(s) section, select the required subscriptions.

  7. Click Continue.

  8. For the selected subscriptions, in the Choose resource group(s) section, do one of the following:

    • To select all available resource groups, click All (recommended).

    • To select specific resource groups, click Specific, and select a resource group in the list.

      Tip: You can search for specific resource groups, and filter the list by subscriptions.

  9. Click Continue.

  10. (Optional) In the Choose projects to add the Azure project(s) to section, create or select a project for the Azure subscription.

    • To create a new project for your Azure account, click Add a project. For more information, see Create a Project.

    • Select a project from the list.

      Tip: You can also search for specific projects.

  11. In the Choose prerequisites section, select the check boxes:

    • Ensure that you have granted all permissions.

    • Ensure that you already have snapshots or followed the provided instructions to create snapshots for the instances you wish to scan.

      Click the links to view documentation for providing permissions to Tenable Cloud Security for scanning and creating snapshots for Agentless Assessment.

  12. Click Connect Cloud Account.

    On the Projects & Connections page, you can view the Azure project with the connected Azure account and view the selected VPCs.
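
The following pre-flight check for the values entered in step 4 is an added example, not part of the Tenable documentation. It assumes the Azure CLI (`az`) is installed; the function names and the `AZ_CLIENT_ID`, `AZ_CLIENT_SECRET` and `AZ_TENANT_ID` variables are hypothetical.

```shell
#!/usr/bin/env sh
# Added example (not from the Tenable documentation): pre-flight check for the
# Client ID, Secret value and Tenant ID entered in step 4.
# Function names and AZ_* variable names are hypothetical.

# Succeeds when $1 has the 8-4-4-4-12 hexadecimal GUID shape.
is_guid() {
  printf '%s' "$1" |
    grep -Eqx '[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}'
}

# check_inputs CLIENT_ID SECRET TENANT_ID
# Returns 0 when the values are plausible, otherwise a distinct code (2-6).
check_inputs() {
  is_guid "$1" || { echo "Client ID is not a GUID" >&2; return 2; }
  is_guid "$3" || { echo "Tenant ID is not a GUID" >&2; return 3; }
  [ -n "$2" ] || { echo "Secret value is empty" >&2; return 4; }
  # The Azure portal lists a GUID-shaped "Secret ID" beside the secret "Value";
  # a GUID here usually means the wrong column was copied.
  if is_guid "$2"; then
    echo "Secret looks like a Secret ID, not the Secret value" >&2
    return 5
  fi
  # Identical IDs suggest one field was pasted twice.
  [ "$1" != "$3" ] || { echo "Client ID equals Tenant ID" >&2; return 6; }
  return 0
}

# list_visible_subscriptions CLIENT_ID SECRET TENANT_ID
# Signs in as the service principal with the Azure CLI and lists the
# subscriptions it can see, for comparison with the list shown after step 5.
list_visible_subscriptions() {
  az login --service-principal --username "$1" --password "$2" \
    --tenant "$3" --output none || return 1
  az account list --query "[].{name:name, id:id}" --output table
  az logout
}

# Runs only when the values are exported in the environment, which keeps the
# secret out of shell history.
if [ -n "${AZ_CLIENT_ID:-}" ]; then
  check_inputs "$AZ_CLIENT_ID" "${AZ_CLIENT_SECRET:-}" "${AZ_TENANT_ID:-}" &&
    list_visible_subscriptions "$AZ_CLIENT_ID" "$AZ_CLIENT_SECRET" "$AZ_TENANT_ID"
fi
```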