Add a New Azure Account and Enable Data Security

Add an Azure Subscription and enable data security to scan blobs/objects in your storage account.
Begin here if you want to add your Azure subscription account on Prisma Cloud and start scanning the resources stored in your storage account.
  1. Add a new Azure account on Prisma Cloud.
    1. Select
      Settings
      Cloud Accounts
      Add Cloud Account
      .
    2. Select
      Azure
      , enter a
      Account Name
      , and select to onboard a
      Azure Subscription
      for a
      Commercial
      cloud type.
    3. Select the
      Mode
      .
      Decide whether to enable permissions to only
      Monitor
      (read-only access) or to
      Monitor and Protect
      (read-write access) the resources in your cloud account. Your selection determines which Terraform template is used to automate the process of creating the custom role required for Prisma Cloud.
    4. Follow the instructions to get your
      Directory (Tenant) ID
      and
      Subscription ID
      from your Azure portal, enter it in the Prisma Cloud UI, and click
      Next
      .
      Prisma Cloud requires your Azure
      Subscription ID
      to identify your Azure cloud account and retrieve the storage account and key vault information and your
      Directory (Tenant) ID
      to identify your tenant.
    5. Follow the instructions to get the
      Application (Client) ID
      ,
      Application Client Secret
      , and the
      Enterprise Application Object ID
      and enter it in the Prisma Cloud UI.
    6. Select
      Ingest & Monitor Network Security Group Flow Logs
      and click
      Next
      .
    7. Select the
      Account Groups
      you want to add and click
      Next
      .
      You must assign each cloud account to an account group, and Create an Alert Rule for Run-Time Checks to associate the account group with it to generate alerts when a policy violation occurs.
    8. Review the
      Status
      and click
      Save
      .
      The newly added Azure account is displayed on the
      Cloud Accounts
      page.
      If Prisma Cloud is able to successfully connect to your Azure subscription and retrieve information, the status is displayed with a green check mark. If Prisma Cloud is unable to retrieve the logs, the message indicates what failed. See Troubleshoot Azure Account Onboarding to resolve the issue.
  2. Enable Data Security
    to scan all your resources or you can choose to customize what you want to scan.
    1. Click the edit [ ] icon to view
      Account Overview
      .
    2. Configure
      data security for this account.
    3. Follow the instructions to get the
      Client ID
      and
      Client Secret
      from your Azure account, enter it in the
      Application (Client) ID
      and
      Application Client Secret
      fields in the Prisma Cloud UI, and click
      Next
      .
    4. Configure Scan
      to scan all your resources or you can choose to customize what you want to scan.
      • When you select
        Scan All Resources
        , Prisma Cloud will forward scan and backward scan all eligible objects in the resources for public exposure, sensitive data, and malware. The forward scan inspects any new or modified objects, and the backward scan is retrospective, which means that it inspects objects that exist in the resource. The size and number of objects that you want to scan within your resource will determine how many Prisma Cloud credits are used for Data Security.
      • When you select
        Custom Scan Resources
        , Prisma Cloud will forward scan and/or backward scan eligible objects in selected resources.
    5. After data security is successfully configured, the
      Status
      page displays a success message.
      If it takes Azure some time to grant permission to Prisma Cloud, you will see the
      Data Security is not successfully configured
      message. You can check the status after some time. If there are permission errors, see Troubleshoot Data Security Errors to resolve the error.
    6. Click
      Done
      to view Account Overview.
      After you have enabled Data Security for the Azure account, you can
      Configure Scan
      to enable scanning of additional resources or to modify the scan settings.

Recommended For You