Connecting Microsoft Azure to Osto

This guide will walk you through securely connecting your Microsoft Azure subscription to Osto for continuous visibility, scanning, and cloud security posture management.

Navigate to the Azure Portal.
Sign in using your Azure account credentials.
You’ll need to collect a few identifiers and credentials during this setup — follow the steps below carefully.

Find Your Tenant ID

Your Tenant ID uniquely identifies your Azure Active Directory (Microsoft Entra ID) instance.

To find it:

In the Azure Portal, search for “Microsoft Entra ID” (or “Azure Active Directory” in older interfaces).

Click Overview in the sidebar.
Copy the Tenant ID displayed there — you’ll need it later for the Osto connection form.

Locate Your Subscription ID

Your Subscription ID represents the Azure billing account that Osto will access.

To locate it:

In the Azure Portal search bar, type “Subscriptions”.

Select your active subscription from the list.

On the Overview tab, copy the Subscription ID.

Create or Use an Existing Service Principal

Osto connects to Azure via a Service Principal (App Registration). If you don’t already have one, create it as follows:

In Azure Portal, go to Microsoft Entra ID → App registrations.
Click + New registration.
Provide a name (e.g., Osto-Azure-Connector).

Under “Supported account types,” choose Accounts in this organizational directory only (Single tenant).
Click Register.
Copy the Application (client) ID — this is your Client ID.

Generate a Client Secret

In your App Registration, navigate to Certificates & secrets.
Under Client secrets, click + New client secret.

Provide a description (e.g., “Osto integration key”) and select an expiry period (e.g., 1 year).
Click Add.

Copy the Value immediately — this is your Client Secret.

You will not be able to view the client secret again after you leave the page. Copy and store it securely before navigating away.

Fill in the Osto Cloud Connector Form

Now return to your Osto platform and open the Connect a Cloud Provider window. Select Microsoft Azure.

Fill in the fields as follows:

Name: A friendly name for your Azure connection (e.g., “Prod Subscription”).
Description: Optional description for easier identification.
Subscription ID: The Azure Subscription ID you copied earlier.
Client ID: The Application (client) ID from your registered app.
Client Secret: The secret value created under Certificates & Secrets.
Tenant ID: The Tenant ID from Microsoft Entra ID.

Once filled, click Connect to authenticate and establish the integration.

Verify Connection

After connecting successfully:

Your Azure assets will start syncing automatically.
You’ll see the total number of assets and a severity breakdown on your Osto dashboard.
The connector’s status will change to Active.

Optional: Assign Specific Azure Roles

Ensure your Service Principal has adequate permissions to allow asset discovery.

At a minimum, assign the Reader role at the subscription level.
If your organization enforces least privilege policies, you may also use a custom role scoped to Osto’s required actions.

Summary of Required Values

Parameter

Source

Example

Tenant ID

Microsoft Entra ID → Overview

c09e8f8a-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Subscription ID

Subscriptions → Overview

7f53e0a3-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Client ID

App Registration → Overview

23dbb6af-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Client Secret

App Registration → Certificates & secrets

Value from secret (hidden)

Troubleshooting

Error: “Invalid credentials”

Double-check Client ID, Client Secret, and Tenant ID values entered in the Osto connector form.

Error: “Insufficient permissions”

Ensure your Service Principal has the Reader role assigned at the subscription level or the appropriate custom role that grants Osto the required permissions.

Secret Expired

Generate a new client secret in Azure (App Registration → Certificates & secrets) and update it in Osto.

Last updated 29 minutes ago

PreviousCloud Security NextConnecting AWS to Osto

Last updated 22 days ago