Microsoft Azure Subscription Integration

Before onboarding CWPP for an Azure subscription, you must have an Azure AD integration with Plerion, because onboarding uses the same App registration created in that integration. For more information, see Azure AD Integration.

Prerequisites

  • You have the following permissions:

    Role Name: Owner
    Scope: Subscription
    Description: Assign roles to the Plerion App to perform security checks for CSPM, and create a resource group and managed identity and assign roles to enable CWPP.
  • Prerequisites for Azure CWPP (Optional if you only want to enable CSPM)

Steps

  1. Navigate to Tenant Settings - Integrations. Filter by Inbound integrations and select Microsoft Azure Subscription.

  2. Select the Azure Active Directory from the drop-down.

  3. To add the Azure subscription, you need to provide access to the App registration created in the Azure AD integration. You can do this using either the Azure CLI or the Portal; instructions for both are provided. If you want to enable CWPP, select the default region where you want to create the dedicated resource group required for CWPP. Learn more about the resources created during CWPP Onboarding.

  4. Download the script and run it in a command line interface (CLI). You can also run the script in Azure Cloud Shell. Learn more about Azure Cloud Shell.

     bash ms-azure-install-plerion.sh

This will show the following output:

CLI Output

Note: The listed subscriptions are the ones that are available to the user. Use the number associated with the subscription to select the subscription in subsequent steps or press 'y' to install on all subscriptions.

  5. Install the CSPM roles setup by pressing 'y'. You can select the number associated with the subscription (shown in step 4) to install CSPM on a specific subscription.

  6. Skip the optional CSPM roles setup by pressing 's', or install the optional CSPM roles by pressing 'y' and running the steps.

  7. Install the CWPP roles by pressing 'y' to install CWPP on all subscriptions, or the number associated with the subscription (shown in step 4) to install CWPP on a specific subscription.

  8. Return to the Plerion platform to continue the onboarding process.

  9. There are other optional permissions you can provide.

  10. Once all permissions have been provided, select 'Verify access'. This will then display all subscriptions added based on the permissions provided.

  11. Select 'Add subscriptions'. The Azure subscriptions will be added to the tenant.
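
The downloaded script assigns roles to the App registration on the subscriptions you select, so it is worth confirming afterwards what was actually granted. The Python below is an added example, not part of Plerion's script or documentation: it reviews the JSON printed by "az role assignment list --assignee <app-id> --all -o json" and flags assignments that are privileged, scoped outside a single subscription, or on a subscription you did not select. The IDs, role names and function names are constructed for illustration.

```python
import json

# Built-in roles that can modify resources or access; always worth a second look.
PRIVILEGED_ROLES = {"Owner", "Contributor", "User Access Administrator"}
SUB_A = "11111111-1111-1111-1111-111111111111"   # constructed subscription IDs
SUB_B = "22222222-2222-2222-2222-222222222222"
APP = "00000000-0000-0000-0000-0000000000aa"     # constructed service principal object ID

# Constructed sample (illustrative role names, not the roles the script assigns), shaped like:
#   az role assignment list --assignee <app-id> --all -o json
SAMPLE = json.dumps([
    {"principalId": APP, "roleDefinitionName": "Reader", "scope": f"/subscriptions/{SUB_A}"},
    {"principalId": APP, "roleDefinitionName": "Reader", "scope": f"/subscriptions/{SUB_B}"},
    {"principalId": APP, "roleDefinitionName": "Contributor",
     "scope": "/providers/Microsoft.Management/managementGroups/example-mg"},
    {"principalId": "other", "roleDefinitionName": "Owner", "scope": f"/subscriptions/{SUB_A}"},
])


def subscription_of(scope):
    """Return the subscription ID a scope sits in, or None for root/management-group scopes."""
    parts = scope.strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        return parts[1].lower()
    return None


def review_assignments(raw_json, principal_id, selected_subscriptions):
    """List (role, scope, reasons) for the principal's assignments that need review."""
    selected = {s.lower() for s in selected_subscriptions}
    findings = []
    for a in json.loads(raw_json):
        if (a.get("principalId") or "").lower() != principal_id.lower():
            continue  # assignment belongs to a different principal
        role, scope = a.get("roleDefinitionName") or "", a.get("scope") or ""
        reasons = ["privileged role"] if role in PRIVILEGED_ROLES else []
        sub = subscription_of(scope)
        if sub is None:
            reasons.append("scope outside a single subscription")
        elif sub not in selected:
            reasons.append("subscription not selected during onboarding")
        if reasons:
            findings.append((role, scope, reasons))
    return findings


if __name__ == "__main__":
    for role, scope, reasons in review_assignments(SAMPLE, APP, [SUB_A]):
        print(f"REVIEW {role} at {scope}: {', '.join(reasons)}")
```

The az command lists assignments for the current subscription, so run it once per subscription and pass each output together with the subscriptions you chose when running the script.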

Troubleshooting

Refer to the Troubleshooting Onboarding Errors for Azure Subscription guide for more information.