Onboard Azure
Connect Microsoft Azure to ARMO
Overview
ARMO seamlessly integrates with Microsoft Azure. It leverages a predefined template that can be deployed effortlessly through Azure’s built-in wizard.
Deploying the ARMO Read-Access ARM Template creates a custom Azure Active Directory (AAD) application and a Service Principal with read-only permissions (via the Reader role).
This configuration enables ARMO to perform a secure, automated discovery of your Azure environment — including compliance checks, configuration audits, and threat detection telemetry.
Depending on your organization setup, you can connect a single Azure subscription or your entire Azure Tenant.
Why Connect My Azure Cloud?
Securing your Azure infrastructure is essential to protecting your workloads, applications, and data. ARMO provides deep visibility into your Azure resources and continuously assesses them for risks and compliance gaps.
By connecting your Azure subscription, ARMO will:
- Detect high-impact misconfigurations and vulnerabilities across your Azure environment, including VMs, Storage, and Kubernetes clusters (AKS).
- Continuously ingest and analyze Azure Activity Logs to power Cloud Detection and Response (CDR), providing visibility into user actions, API calls, and potential threats.
- Provide actionable insights to harden your Azure workloads without unnecessary alert fatigue.
Cloud ComplianceView all compliance checks performed on your Azure environment under Compliance → Cloud.
Cloud Detection and Response (Coming soon)Monitor detected incidents and suspicious activity under Runtime Incidents.
What Happens After You Connect?
Once your Azure environment is connected:
- ARMO automatically scans your subscriptions for misconfigurations, and compliance violations.
- Daily scans are scheduled automatically.
- Findings are enriched with context about impacted resources, severity, and remediation steps.
Available Onboarding Methods
| Onboarding Option | Description | Recommended for |
|---|---|---|
| Onboard Azure Subscription | Connect a single Azure subscription using an ARM Template that creates the required Service Principal and assigns the Reader role. | Small environments or customers who manage subscriptions independently. |
Prerequisites
Before onboarding, ensure:
- You have Owner or User Access Administrator permissions in the Azure subscription or tenant.
- You have access to the Azure Portal and the ARMO Platform with a role that allows connecting new cloud environments.
- Network connectivity from ARMO’s Service Connector to Azure Management APIs (port 443).
Onboarding Methods
Choose the guide based on your setup:
👉 Onboard an Azure Subscription
After Onboarding
Once your Azure environment is connected:
- ARMO begins automated discovery of Azure resources
- Connected subscriptions appear under Settings → Accounts → Azure in the ARMO Platform.
- Compliance findings and misconfiguration results typically populate within 60 minutes.
Updated 15 days ago