Onboard Azure Cloud Account in Strata Cloud Manager

Table of Contents

Azure Cloud Account Onboarding Prerequisites

Onboard your Azure cloud account in Strata Cloud Manager.

Onboard Azure cloud account in Strata Cloud Manager. Create and download an onboarding Terraform template. When you apply this template in your cloud environment, it generates a service account with sufficient permissions. These permissions enable discovery within your cloud environment, granting access to network flow logs, asset inventory details, and other essential cloud resources.

Where Can I Use This?	What Do I Need?
Creating an Azure Service Account for Strata Cloud Manager Integration	Azure Cloud Account Onboarding Prerequisites

Before you begin, check your licences and ensure you meet the minimum AI Runtime Security prerequisites.

Log in to Strata Cloud Manager.
Select Insights → AI Runtime Security.
1. If you are onboarding a cloud account for the first time, select Insights → AI Runtime Security and click Get Started under the Network tab.
2. If you have previously onboarded a cloud account, select Network from the AI Runtime Security drop-down list at the top. Click the Cloud Account Manager (cloud) icon.
Select Add Cloud Account.
Select Cloud Service Provider as Azure and select Next.
Enter basic information:
- A unique Name to identify your onboarded cloud account. (Limit the name to 32 characters).
- Azure Tenant ID.
- Azure Subscription ID.
Refer to the section on how to get subscription and tenant IDs in the Azure portal.
Enable "Bring your own Azure virtual network" to discover Kubernetes-related vnets:
In Azure Portal, navigate to Kubernetes services → [Your Cluster]→ Settings→ Networking.
Under Network configuration, select Azure CNI as the Network plugin, then enable Bring your own Azure virtual network.
Click Next.
In Application Definition, select Next.

The namespace shows applications from Pods/Cluster workloads, while VPC/VNETs display applications from virtual machine workloads.
Input Storage Account Name (Enter only lowercase letters and numbers; the name must be between 3 and 24 characters).

This is the storage account name that you created in the Azure Cloud Account Onboarding Prerequisites step.
Download Terraform.
Execute Terraform. Save and unzip the downloaded Terraform zip file.

Navigate to the panw-discovery-<tsgid>-onboarding/azr folder and follow the `README.md` instructions to apply the Terraform in Azure to create the resources and add the role assignments.

#Login to the Azure tenant from CLI and replace the "Tenant_Id" with your tenant_id value
az login -t <Tenant_Id>

#Replace the value with your subscription_id that is being onboarded
az account set -s <Subscription_id>

#Deploy the Terraform
terraform init
terraform plan
terraform apply

Log in to Azure Portal. Make sure you see the logs in Azure Storage Account → Data Storage → Containers → Insight flow logs and verify the date and hour.
Select Done.

This validates the successful creation of a service account in Azure.
You can now view and manage the onboarded cloud accounts in Strata Cloud Manager.
The Strata Cloud Manager dashboard under Insights → AI Runtime Security shows all the cloud assets discovered.

Initial data should populate on Strata Cloud Manager in about 15 minutes and the flow logs may have a delay of about 3 hrs to show up on the Strata Cloud Manager dashboard.