Follow these steps to connect an Azure account to CloudSploit:

Create an Azure App Registration for CloudSploit

  1. Log into your Azure Portal and navigate to the Azure Active Directory service.
  2. Select App registrations and then click on New Application registration.
  3. Enter CloudSploit and/or a descriptive name in the Application Name field, then select Web app/API and enter https://console.cloudsploit.com in the Sign-On URL field.
  4. Leave the "Supported account types" default: "Accounts in this organizational directory only (YOURDIRECTORYNAME)".
  5. Click on Register.
  6. Copy the Application ID and keep for future use in the account connection wizard.

Create Client Secret

  1. Click on Certificates & Secrets.
  2. Under Client Secrets, click on "New Client Secret."
  3. Enter a Description (e.g. Cloudsploit-2019) and select Expires "Never".
  4. Click on Add.
  5. Copy the Key Value and keep for future use in the account connection wizard.

Get your Directory and Subscription IDs

Get your Directory ID

  1. Navigate to the Azure Active Directory service.
  2. Select Properties. Click to copy the Directory ID and keep for future use in the account connection wizard.

Get your Subscription ID

  1. Navigate to Cost Management and Billing.
  2. Click on Subscriptions, copy the relevant Subscription ID and keep for future use in the account connection wizard.

Apply Permissions

  1. Click on the Subscription ID from the Subscriptions page.
  2. Click on "Access Control (IAM)".
  3. Click "Add role assignment".
  4. In the "Role" drop-down, select "Security Reader".
  5. In the "Select" drop-down, type the name of the app (e.g. "CloudSploit") you created and select it.
  6. Repeat the process for the "Log Analytics Reader" role.
  7. Click "Save".
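
An added check, not part of the original instructions and not CloudSploit's own code: once the roles are assigned, this Python audits the JSON printed by `az role assignment list --assignee <application-id> --all -o json` and reports whether the app holds exactly the two reader roles at the subscription scope. It relies on the `roleDefinitionName` and `scope` fields of that output; the sample data, the all-zero subscription ID and the `demo-rg` resource group are constructed.

```python
import json

# Roles the "Apply Permissions" steps on this page assign to the app.
EXPECTED_ROLES = {"Security Reader", "Log Analytics Reader"}

# Constructed sample of `az role assignment list` output (IDs are placeholders).
SAMPLE_SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE_JSON = """
[
  {"principalName": "CloudSploit", "roleDefinitionName": "Security Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"principalName": "CloudSploit", "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/demo-rg"}
]
"""

def audit_assignments(assignments, subscription_id):
    """Return (missing, unexpected) for the app's role assignments.

    missing    -- expected roles not granted at the subscription scope
    unexpected -- (role, scope) pairs that are anything else: other roles,
                  or an expected role granted at a different scope
    """
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    granted = set()
    unexpected = []
    for entry in assignments:
        role = entry.get("roleDefinitionName", "")
        scope = entry.get("scope", "")
        # Azure scopes are case-insensitive; ignore a trailing slash too.
        if role in EXPECTED_ROLES and scope.rstrip("/").lower() == sub_scope:
            granted.add(role)
        else:
            unexpected.append((role, scope))
    return sorted(EXPECTED_ROLES - granted), unexpected

def audit_json(raw, subscription_id):
    """Parse the CLI's JSON text and audit it."""
    return audit_assignments(json.loads(raw), subscription_id)

if __name__ == "__main__":
    missing, unexpected = audit_json(SAMPLE_JSON, SAMPLE_SUB)
    print("missing roles:", missing)
    print("unexpected assignments:", unexpected)
```
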