Enabling CWPP for existing Azure Subscriptions

This guide will help you enable CWPP for existing Azure subscription integration. To learn more about Azure CWPP architecture, see Azure CWPP Architecture.

Prerequisites

• You have the following permissions:

  Role Name	Scope	Description
  Owner	Subscription	Create resource group, managed identity, and assign roles to enable CWPP

• Prerequisites for Azure CWPP

Steps

1. Navigate to Settings - Integrations. Filter by Inbound integrations and select Microsoft Azure Subscription.

2. Select the Azure Active Directory from the drop-down.

3. Select the default region where you want to create the dedicated resource group required for CWPP. Learn more about the resources created during CWPP Onboarding.

4. Download the script and run it in a command line interface (CLI). You can also run the script in Azure Cloud Shell (opens in a new tab). Learn more about Azure Cloud Shell (opens in a new tab).

bash ms-azure-install-plerion.sh

This will show the following output:

5. Optionally skip the CSPM roles setup by pressing 's'. You can, however, re-install the CSPM roles by running pressing 'y' and running the steps.

6. Optionally skip the optional CSPM roles setup by pressing 's'. You can, however, re-install the optional CSPM roles by pressing 'y' and running the steps.

7. Install the CWPP roles by pressing 'y' to install CWPP on all subscriptions or the number associated with the subscription (shown in step 4) to install CWPP on a specific subscription.

8. Return to Plerion App and click on 'Verify access'. This will then display all subscriptions added based on the permissions provided.

9. Select 'Save subscriptions'. The Azure subscriptions will be updated with CWPP capability.

Troubleshooting

Refer to the Troubleshooting Onboarding Errors for Azure Subscription guide for more information.