Configure Agentless Scanning for Azure

Log in to your Prisma Cloud Compute Console.
Go to
Manage > Cloud
Accounts.
Click
+Add account
.
Enter the needed information in the
Account config
pane.

Select Cloud provider
: Azure
Name:
For example: PCC Azure Agentless.
Description:
Provide an optional string, for example: <Product-name> release.
Authentication method:
Service key
: Paste the JSON object for the Service Principal you created.
Certificate
: Use a client certificate for authentication.
Managed Identity
: Use Managed Identity authentication to access Azure resources without entering any client secrets or certificates.
Click Next.
Complete the configuration in the
Scan account
pane:

Enable
Agentless scanning
.
Set the
Console URL
and
Port
to the address of your Prisma Cloud console that can be reached from the internet. To create an address or FQDN reachable from the internet, complete the Subject Alternative Names procedure.
Expand* Advanced settings*.

If you use a proxy for traffic leaving your Azure tenant, enter the
Proxy
address and add it’s Certificate Authority certificate.
Under
Scan scope
you can choose
All regions
to scan for VMs in all Azure regions. If you choose
Custom regions
, enter the Azure region in which you want Prisma Cloud to scan for VMs.
Enter tags under
Exclude VMs by tags
to further limit the scope of the scan.
Choose whether or not to
Scan non running hosts
Choose whether or not to enable
Auto-scale scanning
. If you disable auto-scale, specify number of scanners Prisma Cloud should employ.
Enter the
Security group ID
and
Subnet ID
that are created to allow the Prisma Cloud console to communicate back with Azure.
Click
Next
.
In the
Discovery features
page, leave the
Cloud discovery
settings unchanged.

Click
Add account
.