Connect an Azure Active Directory Tenant

Learn how to connect an Azure Commercial Active Directory tenant, an Azure Government Active Directory tenant, or an Azure China subscription to Prisma Cloud (see the sections below). Onboarding an Azure Active Directory tenant connects the resources within your Azure subscription to Prisma Cloud.
Connecting Prisma™ Cloud to your Azure cloud account enables you to analyze and monitor traffic logs and to detect potentially malicious network activity or compliance issues. During the built-in onboarding process you can use one of the following three methods to create the Azure resources that authorize Prisma Cloud to access the Azure APIs:
  • Terraform (Recommended): This workflow automates setting up the Prisma Cloud application in Azure Active Directory and grants read-only or read-write access to your Azure subscription. Azure China workflows do not support the use of Terraform templates.
  • Using a Custom Role JSON: With a manually created Custom Role you can also enforce least privilege and restrict what Prisma Cloud is allowed to access. To do this you must manually set up the Prisma Cloud application in Active Directory and create a Custom Role that authorizes access to the Azure APIs.
  • Manually authorizing Prisma Cloud: If your organization restricts the use of Terraform scripts, you can manually create the Azure resources that Prisma Cloud needs in order to call the Azure APIs.

Connect Azure Commercial Active Directory Tenant

Ensure that you have reviewed the onboarding prerequisites before starting the onboarding process. The graphic below provides a visual overview of the steps you will take to onboard your account.
  1. Get Started
    1. Access Prisma Cloud and select Cloud Accounts > Add Cloud Account.
    2. Choose Azure as the Cloud to Secure.
    3. Select Active Directory.
    4. Select Commercial as the Deployment Type.
    5. Under Security Capabilities and Permissions, Misconfigurations is enabled by default to allow Prisma Cloud to detect misconfigurations and verify compliance.
    6. Click Next to proceed with the onboarding flow.
  2. Configure Account
    1. On the Configure Account page, provide your Account Details: enter the Directory Tenant ID and choose an Account Name.
    2. If you are using the recommended Terraform template to generate the required account details, click Download Terraform Script and enter the values from the script output into the form: Application (Client) ID, Application Client Secret, and Enterprise Application Object ID.
    3. You can also keep the Default Account Group or choose one of the Account Groups from the drop-down.
    4. Click Next.
  3. Review Status
    1. On the Review Status page, ensure that every Security Capability you selected shows a green Enabled button. If Checks Failed appears next to a selected capability, open the drop-down next to the failed check and add the missing permissions it lists.
    2. Click Save and Close to complete onboarding, or Save and Onboard Another Account.
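The Custom Role method from the overview and the values the Configure Account page asks for (Directory Tenant ID, Application (Client) ID, Application Client Secret, Enterprise Application Object ID) can both be produced with the Azure CLI. The script below is an added example written for this page; it is not Prisma Cloud's Terraform script and not its published role definition. The role name, description and the "*/read" action set are illustrative assumptions, SUBSCRIPTION_ID and the application display name are placeholders, and the permissions Prisma Cloud actually requires come from the onboarding flow itself (the Review Status step lists anything missing). The script writes a read-only custom role, refuses to continue if the definition grants anything beyond read actions, and only touches Azure when run with the argument "apply" from an authenticated az CLI session.

```shell
#!/bin/sh
# Added example for this page, not Prisma Cloud's own script or role definition.
# Assumptions: the role name, description and "*/read" action set are
# illustrative; SUBSCRIPTION_ID is a placeholder; an authenticated az CLI is
# required only for the "apply" path at the bottom.

# Write a least-privilege, read-only custom role definition to $1, scoped to
# subscription $2. Only "*/read" control-plane actions and no DataActions, so
# the principal can inspect configuration but cannot change resources or read
# data-plane content.
write_readonly_role() {
  out="$1"
  sub="$2"
  cat > "$out" <<EOF
{
  "Name": "Example Cloud Posture Reader",
  "IsCustom": true,
  "Description": "Illustrative read-only role for a posture-monitoring integration",
  "Actions": [ "*/read" ],
  "NotActions": [],
  "DataActions": [],
  "NotDataActions": [],
  "AssignableScopes": [ "/subscriptions/$sub" ]
}
EOF
}

# Guard against privilege creep: return 0 only if every entry in the Actions
# and DataActions arrays of role file $1 ends in "/read". Anything else
# (for example ".../listKeys/action" or "*") means the role is not read-only.
role_is_readonly() {
  awk '
    /"(Data)?Actions"[[:space:]]*:/ { inarr = 1 }
    inarr {
      n = split($0, parts, "\"")
      for (i = 2; i <= n; i += 2) {          # even fields are quoted strings
        s = parts[i]
        if (s == "Actions" || s == "DataActions") continue
        if (s !~ /\/read$/) bad = 1
      }
    }
    inarr && /\]/ { inarr = 0 }
    END { exit bad }
  ' "$1"
}

# Create the app registration, its service principal (the Enterprise
# Application) and a client secret, assign the custom role at subscription
# scope, and print the four values the Configure Account page asks for.
create_integration_identity() {
  sub="$1"
  role_file="$2"
  app_id=$(az ad app create --display-name "example-posture-integration" \
             --query appId -o tsv)
  # Object ID of the service principal is the Enterprise Application Object ID
  sp_object_id=$(az ad sp create --id "$app_id" --query id -o tsv)
  # The secret is shown once; paste it into the form rather than storing it
  secret=$(az ad app credential reset --id "$app_id" --years 1 \
             --query password -o tsv)
  az role definition create --role-definition "@$role_file" >/dev/null
  az role assignment create --assignee-object-id "$sp_object_id" \
    --assignee-principal-type ServicePrincipal \
    --role "Example Cloud Posture Reader" \
    --scope "/subscriptions/$sub" >/dev/null
  echo "Directory Tenant ID:              $(az account show --query tenantId -o tsv)"
  echo "Application (Client) ID:          $app_id"
  echo "Enterprise Application Object ID: $sp_object_id"
  echo "Application Client Secret:        $secret"
}

# Run with "apply" (and SUBSCRIPTION_ID set) to create the resources; without
# it the script only defines the functions so it can be sourced or tested.
if [ "${1:-}" = "apply" ]; then
  : "${SUBSCRIPTION_ID:?set SUBSCRIPTION_ID to the target subscription}"
  write_readonly_role ./posture-reader-role.json "$SUBSCRIPTION_ID"
  if ! role_is_readonly ./posture-reader-role.json; then
    echo "role definition grants more than read access; refusing to apply" >&2
    exit 1
  fi
  create_integration_identity "$SUBSCRIPTION_ID" ./posture-reader-role.json
fi
```

The read-only check is deliberately strict: an action such as Microsoft.Storage/storageAccounts/listKeys/action is a control-plane call that hands out data-plane credentials, so it fails the "/read" test even though it does not modify anything. If the Review Status step reports missing permissions, add exactly the listed actions to the Actions array and re-run the check so you can see which additions go beyond read access before assigning the role.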

Connect Azure Government Active Directory Tenant

To add an Azure Government account, follow the steps outlined under Azure Commercial above, with the following exception:
  • During the Get Started step, select Government as the Deployment Type.

Connect Azure China Subscription

Account onboarding on Prisma Cloud is available only for cloud resources currently deployed on Azure China. Follow the steps outlined under Azure Subscription above to onboard an Azure China account, with the following exception:
  • Azure China does not support the use of Terraform templates to onboard a cloud account. To start monitoring your Azure China subscription, review the manual onboarding steps and gather the required information from your Azure China account.
