Connect an Azure Active Directory Tenant
Learn how to Connect Azure Commercial Active Directory Tenant, Connect Azure Government Active Directory Tenant, or Connect Azure China Subscription cloud resources on Prisma Cloud. Onboarding an Azure Active Directory Tenant connects the resources within your Azure subscription to Prisma Cloud.
Connecting Prisma™ Cloud to your Azure cloud account enables you to analyze and monitor traffic logs, and detect potential malicious network activity or compliance issues. During the built-in onboarding process, you can use one of the following three methods to create the Azure resources required to authorize Prisma Cloud to access Azure APIs:
- Terraform (Recommended): This workflow automates the process of setting up the Prisma Cloud application on Azure Active Directory and enables read-only or read-write access to your Azure subscription.
  Note: Azure China workflows do not support the use of Terraform templates.
- Using Custom Role JSON: With a manually created Custom Role, you can enforce least-privilege access. To do this, you manually set up the Prisma Cloud application on Active Directory and Create a Custom Role to authorize access to Azure APIs.
- Manually Authorizing Prisma Cloud: If your organization restricts the use of Terraform scripts, you can choose to manually create the required Azure resources for Prisma Cloud to call the Azure APIs.
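If you take the Custom Role JSON route with read-only access in mind, it helps to lint the role definition before assigning it. The sketch below is an added example, not Prisma Cloud or Microsoft code; `audit_role` and `SAMPLE_ROLE` are hypothetical names, and the action list is constructed for illustration rather than taken from Prisma Cloud's published permissions.

```python
import json

# Constructed sample in the Azure custom role JSON format. The actions are
# illustrative only and are NOT Prisma Cloud's required permission set.
SAMPLE_ROLE = json.loads("""
{
  "Name": "example-cspm-reader",
  "Description": "Constructed example role",
  "Actions": [
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Network/networkSecurityGroups/read",
    "Microsoft.Network/networkSecurityGroups/write",
    "Microsoft.Storage/storageAccounts/listKeys/action",
    "Microsoft.Web/*"
  ],
  "NotActions": [],
  "DataActions": [],
  "AssignableScopes": ["/providers/Microsoft.Management/managementGroups/<tenant-root-group-id>"]
}
""")


def audit_role(role):
    """Return (severity, message) findings for a role intended to be read-only."""
    findings = []
    for key in ("Actions", "DataActions"):
        for action in role.get(key, []):
            verb = action.rsplit("/", 1)[-1].lower()  # last path segment is the operation verb
            if verb == "*":
                findings.append(("high", f"{key}: wildcard '{action}' includes write and delete"))
            elif verb in ("write", "delete"):
                findings.append(("high", f"{key}: '{action}' modifies resources"))
            elif verb == "action":
                # Custom operations can expose secrets or change state; check each one by hand.
                findings.append(("review", f"{key}: '{action}' is a custom operation"))
            elif verb != "read":
                findings.append(("review", f"{key}: '{action}' has an unrecognised verb"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_role(SAMPLE_ROLE):
        print(f"[{severity}] {message}")
```

For a read-write onboarding, the "high" findings are expected; compare them against the permissions the onboarding flow actually asks for rather than treating them as errors.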
Connect Azure Commercial Active Directory Tenant
Ensure that you’ve reviewed the onboarding prerequisites prior to starting the onboarding process. The graphic below provides a visual overview of the steps you will take to onboard your account.
- Get Started
  - Access Prisma Cloud and select Settings > Cloud Accounts > Add Cloud Account.
  - Choose Azure as the Cloud to Secure.
  - Select Active Directory under Scope.
  - Select Commercial as the Deployment Type.
  - Security Capabilities and Permissions > Misconfigurations is enabled by default to allow Prisma Cloud to detect misconfigurations and verify compliance.
  - Click Next to proceed with the onboarding flow.
- Configure Account
  - On the Configure Account page, provide your Account Details, including Directory Tenant ID, and choose an Account Name.
  - If you’re using the recommended Terraform template to provide the required account details, click Download Terraform Script and enter the form details from the script output. Provide details for Application (Client) ID, Application Client Secret, and Enterprise Application Object ID from the script output.
  - You can also select a Default Account Group, or choose from one of the Account Groups in the drop-down.
  - Click Next.
- Review Status
  - On the Review Status page, ensure that all the Security Capabilities you have selected display a green Enabled button. If Checks Failed appears next to a selected function, click the drop-down next to the failed check and add the missing permissions listed.
  - Click Save and Close to complete onboarding or Save and Onboard Another Account.
Connect Azure Government Active Directory Tenant
To add an Azure Government account follow the steps outlined under Azure Commercial above, with the following exception:
- During the Get Started step, select Government as the deployment type.
Connect Azure China Subscription
Account onboarding on Prisma Cloud is only available for cloud resources currently deployed on Azure China. Follow the steps outlined under Azure Subscription above to onboard an Azure China account with the following exception:
- Azure China does not support the use of Terraform templates to onboard a cloud account. To get started with monitoring your Azure China Subscription, review the manual onboarding steps and gather the required information from your Azure China account.