Add a New Azure Account and Enable Data Security
Add an Azure Subscription and enable data security to
scan blobs/objects in your storage account.
Begin here if you want to add your Azure subscription
account on Prisma Cloud and start scanning the resources stored
in your storage account.
- Add a new Azure account on Prisma Cloud.
- Select .
- SelectAzure, enter aAccount Name, and select to onboard aAzure Subscriptionfor aCommercialcloud type.
- Select theMode.Decide whether to enable permissions to onlyMonitor(read-only access) or toMonitor and Protect(read-write access) the resources in your cloud account. Your selection determines which Terraform template is used to automate the process of creating the custom role required for Prisma Cloud.
- Follow the instructions to get yourDirectory (Tenant) IDandSubscription IDfrom your Azure portal, enter it in the Prisma Cloud UI, and clickNext.Prisma Cloud requires your AzureSubscription IDto identify your Azure cloud account and retrieve the storage account and key vault information and yourDirectory (Tenant) IDto identify your tenant.
- Follow the instructions to get theApplication (Client) ID,Application Client Secret, and theEnterprise Application Object IDand enter it in the Prisma Cloud UI.
- SelectIngest & Monitor Network Security Group Flow Logsand clickNext.
- Select theAccount Groupsyou want to add and clickNext.
You must assign each cloud account to an account group, and Create an Alert Rule for Run-Time Checks to associate the account group with it to generate alerts when a policy violation occurs. - Review theStatusand clickSave.
The newly added Azure account is displayed on theCloud Accountspage.If Prisma Cloud is able to successfully connect to your Azure subscription and retrieve information, the status is displayed with a green check mark. If Prisma Cloud is unable to retrieve the logs, the message indicates what failed. See Troubleshoot Azure Account Onboarding to resolve the issue.
- Enable Data Securityto scan all your resources or you can choose to customize what you want to scan.
- Click the edit [
] icon to view Account Overview.
- Configuredata security for this account.
- Follow the instructions to get theClient IDandClient Secretfrom your Azure account, enter it in theApplication (Client) IDandApplication Client Secretfields in the Prisma Cloud UI, and clickNext.
- Configure Scanto scan all your resources or you can choose to customize what you want to scan.
- When you selectScan All Resources, Prisma Cloud will forward scan and backward scan all eligible objects in the resources for public exposure, sensitive data, and malware. The forward scan inspects any new or modified objects, and the backward scan is retrospective, which means that it inspects objects that exist in the resource. The size and number of objects that you want to scan within your resource will determine how many Prisma Cloud credits are used for Data Security.
- When you selectCustom Scan Resources, Prisma Cloud will forward scan and/or backward scan eligible objects in selected resources.
- After data security is successfully configured, theStatuspage displays a success message.
If it takes Azure some time to grant permission to Prisma Cloud, you will see theData Security is not successfully configuredmessage. You can check the status after some time. If there are permission errors, see Troubleshoot Data Security Errors to resolve the error. - ClickDoneto view Account Overview.
After you have enabled Data Security for the Azure account, you canConfigure Scanto enable scanning of additional resources or to modify the scan settings.
