Onboard Azure Cloud Account in SCM

Onboard your Azure cloud account in Strata Cloud Manager (SCM).
Onboarding registers the Azure account in SCM and produces a Terraform configuration that creates the service account, and its role assignments, that SCM uses to discover cloud assets and manage AI Runtime Security instances.
What Do I Need?
  • Creating an Azure Service Account for SCM Integration
Prerequisites:
  • To onboard more than one Azure subscription on the same tenant:
    In the Azure portal, assign the Azure Kubernetes Service Cluster User, Storage Blob Data Reader, and Reader roles to the user, group, or service principal that SCM uses. All three are read-only roles (control-plane read, blob data read, and AKS cluster user credential access respectively); do not grant Contributor or Owner in their place.
  1. Log in to SCM.
  2. Select Insights → AI Runtime Security.
    1. If you are onboarding a cloud account for the first time, click Get Started.
    2. If you have previously onboarded a cloud account, click the Cloud Account Manager (cloud) icon.
  3. Select Add Cloud Account.
  4. Select Azure as the Cloud Service Provider and click Next.
  5. Enter basic information:
    • A unique Name to identify the onboarded cloud account (32 characters maximum).
    • Azure Tenant ID.
    • Azure Subscription ID.
    To find these values, refer to the section on getting subscription and tenant IDs in the Azure portal.
  6. Click Next.
  7. In Application Definition, review how discovered workloads are grouped into applications and click Next.
    Namespaces define applications from pod and cluster workloads; VPCs/VNets define applications from virtual machine workloads.
  8. Enter a Storage Account Name.
    Use only lowercase letters and numbers, 3 to 24 characters long. This is the Azure storage account naming rule; the name must also be globally unique across Azure, so the apply fails if it is already taken.
  9. Download Terraform.
  10. Execute Terraform. Save and unzip the downloaded Terraform zip file.
  11. Navigate to the panw-discovery-<tsgid>-onboarding/azr folder and follow the `README.md` instructions to apply the Terraform in Azure, which creates the resources and adds the role assignments:
    # Log in to the Azure tenant from the CLI; replace <Tenant_Id> with your tenant ID
    az login -t <Tenant_Id>
    # Select the subscription that is being onboarded; replace <Subscription_id> with your subscription ID
    az account set -s <Subscription_id>
    # Deploy the Terraform
    terraform init
    terraform plan
    terraform apply
    Review the plan output before you apply; it lists every resource and role assignment the configuration will create in the subscription.
  12. Log in to the Azure Portal and open the storage account you named in step 8. Under Data Storage → Containers, open the Insight flow logs container and confirm that log blobs are present with a recent date and hour.
  13. Select Done.
    SCM validates that the service account was created successfully in Azure.
  14. You can now view and manage the onboarded cloud accounts in SCM.
  15. The SCM dashboard under Insights → AI Runtime Security shows all the cloud assets discovered.
    Initial data should populate in SCM in about 15 minutes; flow logs may take about 3 hours to appear in the SCM UI.
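The procedure above has three checks a practitioner wants to script rather than eyeball: the storage account name rule from step 8, the role assignments from the prerequisites, and the arrival of flow-log blobs from step 12. The following bash script is an added example, not Palo Alto Networks' code or part of the downloaded Terraform bundle. The pure-shell helpers run on constructed sample data; only preflight() calls the Azure CLI, and its argument order, the flow-log container name it takes as a parameter, the use of GNU `date -d`, and the assumption that `az ... -o tsv` prints one ISO-8601 value per line are all assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Palo Alto Networks' code): pre-flight and post-apply checks
# around the SCM Azure onboarding Terraform.
set -euo pipefail

# Roles the prerequisites require on the principal SCM uses (one per line).
REQUIRED_ROLES=$'Azure Kubernetes Service Cluster User\nStorage Blob Data Reader\nReader'

# Azure storage account naming rule enforced by the onboarding wizard:
# 3 to 24 characters, lowercase letters and digits only.
valid_storage_account_name() {
  [[ "$1" =~ ^[a-z0-9]{3,24}$ ]]
}

# $1: newline-separated role names already assigned to the principal, e.g. from
#   az role assignment list --assignee <principal> --all --query '[].roleDefinitionName' -o tsv
# Prints each required role that is missing; returns 1 if any is missing, 0 otherwise.
missing_roles() {
  local assigned="$1" role rc=0
  while IFS= read -r role; do
    if ! grep -qxF -- "$role" <<<"$assigned"; then
      printf '%s\n' "$role"
      rc=1
    fi
  done <<<"$REQUIRED_ROLES"
  return "$rc"
}

# stdin: lastModified values (one per line), as assumed from
#   az storage blob list ... --query '[].properties.lastModified' -o tsv
# ISO-8601 timestamps in one time zone sort lexically, so the last sorted line is the newest.
newest_timestamp() {
  sort | tail -n 1
}

# Age in whole hours of an ISO-8601 timestamp relative to now (assumes GNU date -d).
hours_since() {
  local ts_epoch now_epoch
  ts_epoch="$(date -u -d "$1" +%s)"
  now_epoch="$(date -u +%s)"
  echo $(( (now_epoch - ts_epoch) / 3600 ))
}

# End-to-end check with the Azure CLI. Argument order is an assumption for illustration:
#   $1 tenant ID, $2 subscription ID, $3 principal (object ID or app ID) SCM uses,
#   $4 storage account name from step 8, $5 flow-log container name (assumed).
preflight() {
  local tenant_id="$1" subscription_id="$2" principal="$3" storage_account="$4" container="$5"
  local assigned newest

  valid_storage_account_name "$storage_account" \
    || { echo "invalid storage account name: $storage_account" >&2; return 1; }

  az login -t "$tenant_id" >/dev/null
  az account set -s "$subscription_id"

  assigned="$(az role assignment list --assignee "$principal" --all \
               --query '[].roleDefinitionName' -o tsv)"
  if ! missing_roles "$assigned"; then
    echo "principal $principal lacks the roles listed above in $subscription_id" >&2
    return 1
  fi

  # After terraform apply: confirm flow logs are landing (the docs mention a ~3 h delay).
  newest="$(az storage blob list --account-name "$storage_account" --container-name "$container" \
              --auth-mode login --query '[].properties.lastModified' -o tsv | newest_timestamp)"
  if [[ -z "$newest" ]]; then
    echo "no flow-log blobs in $storage_account/$container yet" >&2
    return 1
  fi
  echo "newest flow-log blob: $newest ($(hours_since "$newest") h old)"
}

# Constructed sample (not real data): roles present before the prerequisites are met,
# so missing_roles reports "Azure Kubernetes Service Cluster User".
SAMPLE_ASSIGNED_ROLES=$'Reader\nStorage Blob Data Reader'

if [[ $# -eq 5 ]]; then
  preflight "$@"
fi
```

Run it with no arguments to load the helpers into a shell session, or with the five arguments to run the full check; a missing role is printed by name so you can add it in the Azure portal before running `terraform apply`, and a newest-blob age well past 3 hours after a successful apply points at the storage account or container rather than at SCM ingestion.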