Create a Microsoft Azure Application Registration Machine

Creating this machine enables Next-Gen Trust Security to connect to a Microsoft Azure Application Registration and discover the certificates configured as application credentials.

Before you begin

Note: To create a Microsoft Azure Application Registration machine, you must have the Superuser role.
You will need the following information to complete this procedure:
  • Tenant ID
  • Client ID
  • Client secret
  • Credentials: Choose between user credentials or shared credentials.
    • User credentials: The account you use must have administrative permissions.
    • Shared credentials: Optionally, you can use shared credentials from your credential provider (CyberArk is the only credential provider currently supported by Next-Gen Trust Security). To use this option, first set up the connection to CyberArk.
  • At least one active VSatellite
  • CyberArk permissions for Azure: You must specify these permissions when defining the role's permission policy.
Note: The Azure application registration must have sufficient permissions to query application credentials. If the permissions are insufficient, the connection test fails with an "Insufficient privileges to complete the operation" error.
  1. Enter the Tenant ID.
  2. Select a Credential Type.
  3. Enter the Client ID.
  4. Enter the Client Secret.
  5. Click Test Access, then click Continue. Continue is available only after a successful test.
    Note: If Test Access fails, verify that the client secret value (not the secret ID) is entered and ensure the Azure Application Registration has sufficient permissions.
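
The following preflight check is an added example, not part of Next-Gen Trust Security or its documentation. It covers the two Test Access failure causes named in the note above: a secret ID pasted in place of the secret value, and insufficient permissions. It assumes the connection uses the OAuth 2.0 client credentials flow and reads applications through Microsoft Graph; the function names are hypothetical.

```python
# Assumption: client credentials flow + Microsoft Graph; not the product's own code.
import json
import re
from urllib import error, parse, request

GUID = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")

def check_inputs(tenant_id, client_id, client_secret):
    """Offline check: return a list of problems before any secret is sent."""
    problems = []
    for name, value in (("Tenant ID", tenant_id), ("Client ID", client_id)):
        if not GUID.match(value):
            problems.append(f"{name} is not a GUID")
    if GUID.match(client_secret):  # Azure secret IDs are GUIDs, secret values are not
        problems.append("Client secret looks like the secret ID, not the secret value")
    return problems

def classify(status, body):
    """Map an HTTP status and JSON body (token endpoint or Graph) to a cause."""
    text = json.dumps(body)
    if status == 200:
        return "ok"
    if "AADSTS7000215" in text:  # invalid client secret (secret ID or wrong value)
        return "wrong-secret"
    if "Insufficient privileges" in text or status == 403:
        return "insufficient-permissions"
    return "other"

def _call(url, data=None, token=None):
    """POST when data is given, otherwise GET; return (status, parsed JSON)."""
    headers = {"Authorization": "Bearer " + token} if token else {}
    req = request.Request(url, data=data, headers=headers)
    try:
        with request.urlopen(req, timeout=15) as resp:
            return resp.status, json.load(resp)
    except error.HTTPError as err:
        return err.code, json.load(err)

def probe_access(tenant_id, client_id, client_secret):
    """Live check: get an app-only token, then read one application from Graph."""
    form = parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default"}).encode()
    status, body = _call(
        f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token", form)
    if status != 200:
        return classify(status, body)
    url = "https://graph.microsoft.com/v1.0/applications?$top=1&$select=appId,keyCredentials"
    return classify(*_call(url, token=body["access_token"]))
```

Run `check_inputs` first; `probe_access` sends the secret only to the Microsoft token endpoint and makes a single read-only Graph request.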

What's next?

Refer back to Create a new machine to finish setting up your new machine by configuring discovery schedules.
For existing machines: