Register an App on Azure Government
Create an app registration (service principal) on Azure Government so that you can manually onboard your Azure Government tenant to Prisma Cloud.
Register a new application on Azure Government so that you can manually connect your Azure Government resources to Prisma™ Cloud, monitor them for security vulnerabilities, and ensure compliance.
- Register an app on Azure Government. Before you begin, ensure that you have access to the following prerequisites:
  - A Prisma Cloud tenant with permissions to onboard a cloud account.
  - Access to Azure Government with the permissions to:
    - Create an app registration (service principal).
    - Create a custom role.
    - Assign IAM roles at the tenant root level.
    - Assign Graph API permissions at the tenant level.
    - Grant admin consent for Azure AD Graph APIs.
- Register a new app.
  - Log in to Azure Government.
  - Select Azure Active Directory > App registrations > + New registration.
  - Enter the application name.
  - Select the supported account types. You can choose from single tenant, multitenant, multitenant and personal Microsoft accounts, or personal Microsoft accounts only.
  - (Optional) Enter the Redirect URI. The authentication response of the app is returned to this URI.
  - Copy the Application (client) ID and the Directory (tenant) ID to a secure location on your computer. You will later enter these values in the Prisma Cloud UI.
- Create the client secret. The client secret is a secret string that the application uses to prove its identity when requesting a token.
  Make sure that you copy the Value and not the Secret ID.
  - Select Certificates & secrets > + New client secret.
  - Enter a client Description, select Expires to configure how long the client secret lasts, and click Add.
  - Copy the Value to a secure location.
- Get the Object ID.
  - Select Azure Active Directory > Enterprise applications, and search for the app you previously created in the search box.
  - Copy the Object ID to a secure location on your computer. Make sure that you get the Object ID for the Prisma Cloud application from Enterprise Applications > All applications on the Azure portal, not from App Registrations.
- Add roles to the root group. The following roles should be added to the root group:
  - Reader and Data Access
  - Network Contributor
  - Storage Account Contributor
  To add these roles, click Home under the header to get back to the Azure portal.
  - Add role assignment.
    - Select Management groups > Tenant Root Group (your Azure subscription) > Access control (IAM) > Role assignments > + Add > Add role assignment.
    - Search by role: enter the name of the role you want to search for in the search box, for example, "reader". Click the role name in the results, and then click Next.
    - Select members: set Assign access to so that the role is assigned to a User, group, or service principal, or to a Managed identity. Click + Select members, and then type the name of the app you previously created in the search box to assign the role to your app. Click Select and then Next.
    - Click Review + assign.
  - Repeat these steps to add the Reader and Data Access, Network Contributor, and Storage Account Contributor roles.
  - Verify that all the roles have been added.
    - Select Role assignments.
    - Enter the name of your app in the search form and view the roles that have been added.
- Add the Microsoft Graph APIs.
  - Navigate to the app you previously registered. Select Azure Active Directory > App registrations, and select your app.
  - Navigate to Microsoft Graph. Select API permissions > + Add a permission > Microsoft Graph > Application permissions.
  - Add the permissions. Enter the permission name in Select permissions, and select the name from Permission. Add the following permissions:
  - Grant admin consent for Default Directory.
    - Select Grant admin consent for Default Directory > Yes.
  - Verify that the permissions are granted. You should see green check marks in the Status column.
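As an added example (not Prisma Cloud's or Microsoft's own code), the following POSIX shell script performs the "Add roles to the root group" step above with the Azure CLI and then verifies that none of the three required role assignments is missing. It assumes the Azure CLI is installed and already logged in to Azure Government, and that the Tenant Root Group's management group ID is your Directory (tenant) ID.

```shell
#!/bin/sh
# Added example, not Prisma Cloud's or Microsoft's own code.
# Assumes: Azure CLI installed and already logged in (az login) to Azure Government.
set -eu

# The three roles the onboarding steps require at the Tenant Root Group.
REQUIRED_ROLES="Reader and Data Access
Network Contributor
Storage Account Contributor"

# Scope of the Tenant Root Group (assumption: its management group ID is the tenant ID).
root_scope() {
  printf '/providers/Microsoft.Management/managementGroups/%s\n' "$1"
}

# Print each required role that does not appear in the newline-separated role list $1.
# Pure string comparison, so it can be checked offline against constructed input.
missing_roles() {
  printf '%s\n' "$REQUIRED_ROLES" | while IFS= read -r role; do
    printf '%s\n' "$1" | grep -Fxq -- "$role" || printf '%s\n' "$role"
  done
}

# Assign the required roles to the app (by Application (client) ID) at the root scope.
assign_required_roles() {
  app_id="$1"; scope="$(root_scope "$2")"
  printf '%s\n' "$REQUIRED_ROLES" | while IFS= read -r role; do
    az role assignment create --assignee "$app_id" --role "$role" --scope "$scope" >/dev/null
  done
}

# Fetch the role names actually assigned at the root scope and report any that are missing.
verify_required_roles() {
  app_id="$1"; scope="$(root_scope "$2")"
  assigned="$(az role assignment list --assignee "$app_id" --scope "$scope" \
               --query '[].roleDefinitionName' -o tsv)"
  missing="$(missing_roles "$assigned")"
  if [ -n "$missing" ]; then
    printf 'Missing at Tenant Root Group:\n%s\n' "$missing" >&2
    return 1
  fi
  echo "All required roles are assigned at the Tenant Root Group."
}

# Usage: sh check-roles.sh <Application (client) ID> <Directory (tenant) ID>
if [ $# -eq 2 ]; then
  az cloud set --name AzureUSGovernment
  assign_required_roles "$1" "$2"
  verify_required_roles "$1" "$2"
fi
```

Run it with the two IDs you copied earlier; a non-zero exit and a "Missing at Tenant Root Group" message means the portal steps above must be repeated for the listed roles.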