1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Administrator's Guide
    5. Prisma Cloud Data Security
    6. Enable Prisma Cloud Data Security
    7. Add an Azure Subscription or Tenant and Enable Data Security

    Add an Azure Subscription or Tenant and Enable Data Security

    Add your Azure Subscription or Azure Tenant and enable data security on Prisma Cloud to scan blobs or objects in your storage account.

    Add Azure Subscription

    Begin here if you want to add your Azure subscription account on Prisma Cloud and start scanning the resources stored in your storage account.
    1. Add a new Azure account on Prisma Cloud.
      1. Select
        Settings
        Cloud Accounts
        Add Cloud Account
        .
      2. Select
        Azure
        , enter a
        Account Name
        , and select to onboard a
        Azure Subscription
         for a
        Commercial
         cloud type.
      3. Select the
        Mode
        .
        Decide whether to enable permissions to only
        Monitor
         (read-only access) or to
        Monitor and Protect
         (read-write access) the resources in your cloud account. Your selection determines which Terraform template is used to automate the process of creating the custom role required for Prisma Cloud.
      4. Follow the instructions to get your
        Directory (Tenant) ID
         and
        Subscription ID
         from your Azure portal, enter it in the Prisma Cloud UI, and click
        Next
        .
        Prisma Cloud requires your Azure
        Subscription ID
         to identify your Azure cloud account and retrieve the storage account and key vault information and your
        Directory (Tenant) ID
         to identify your tenant.
      5. Follow the instructions to get the
        Application (Client) ID
        ,
        Application Client Secret
        , and the
        Enterprise Application Object ID
         and enter it in the Prisma Cloud UI.
      6. Select
        Ingest & Monitor Network Security Group Flow Logs
         and click
        Next
        .
      7. Select the
        Account Groups
         you want to add and click
        Next
        .
        You must assign each cloud account to an account group, and Create an Alert Rule for Run-Time Checks to associate the account group with it to generate alerts when a policy violation occurs.
      8. Review the
        Status
         and click
        Save
        .
        The newly added Azure account is displayed on the
        Cloud Accounts
         page.
        If Prisma Cloud is able to successfully connect to your Azure subscription and retrieve information, the status is displayed with a green check mark. If Prisma Cloud is unable to retrieve the logs, the message indicates what failed. See Troubleshoot Azure Account Onboarding to resolve the issue.
    2. Enable Data Security
       to scan all your resources or you can choose to customize what you want to scan.
      1. Click the edit ( ) icon to view
        Account Overview
        .
      2. Configure
         data security for this account.
      3. Follow the instructions to get the
        Client ID
         and
        Client Secret
         from your Azure account, enter it in the
        Application (Client) ID
         and
        Application Client Secret
         fields in the Prisma Cloud UI, and click
        Next
        .
      4. Configure Scan
         to scan all your resources or you can choose to customize what you want to scan.
        • When you select
          Scan All Resources
          , Prisma Cloud will forward scan and backward scan all eligible objects in the resources for public exposure, sensitive data, and malware. The forward scan inspects any new or modified objects, and the backward scan is retrospective, which means that it inspects objects that exist in the resource. The size and number of objects that you want to scan within your resource will determine how many Prisma Cloud credits are used for Data Security.
        • When you select
          Custom Scan Resources
          , Prisma Cloud will forward scan and/or backward scan eligible objects in selected resources.
      5. After data security is successfully configured, the
        Status
         page displays a success message.
        If it takes Azure some time to grant permission to Prisma Cloud, you will see the
        Data Security is not successfully configured
         message. You can check the status after some time. If there are permission errors, see Troubleshoot Data Security Errors to resolve the error.
      6. Click
        Done
         to view Account Overview.
        After you have enabled Data Security for the Azure account, you can
        Configure Scan
         to enable scanning of additional resources or to modify the scan settings.

    Add Azure Tenant

    Begin here if you want to add your Azure tenant on Prisma Cloud and start scanning the resources stored in your storage account.
    2. Enable Data Security
       to scan all your resources or custom resources in your Azure tenant.
      1. Navigate to
        Settings
        Cloud Accounts
        Azure
        .
      2. Click the edit ( ) icon to view
        Account Overview
        .
      3. Configure
         data security for this account.
      4. Follow the instructions to get the
        Client ID
         and
        Client Secret
         from your Azure account, enter it in the
        Application (Client) ID
         and
        Application Client Secret
         fields in the Prisma Cloud UI, and click
        Next
        .
      5. Configure Scan
         to scan all your resources or you can choose to customize what you want to scan.
        • When you select
          Scan All Resources
          , Prisma Cloud will forward scan and backward scan all eligible objects in the resources for public exposure, sensitive data, and malware. The forward scan inspects any new or modified objects, and the backward scan is retrospective, which means that it inspects objects that exist in the resource. The size and number of objects that you want to scan within your resource will determine how many Prisma Cloud credits are used for Data Security.
        • When you select
          Custom Scan Resources
          , Prisma Cloud will forward scan and/or backward scan eligible objects in selected resources.
      6. After data security is successfully configured, the
        Status
         page displays a success message.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo