Azure
If you are using Spot Security for the first time, in the left main menu of the Spot console click Spot Security > Start With 30 Days Free Trial.
Prerequisites
For the Spot Security onboarding, use the same service principal you created when you onboarded the Azure subscription to the Spot console (based on individual subscriptions).
If you lost the service principal you used, you can find it on the Spot Accounts page. Select the account that you are onboarding by clicking the relevant client ID.
Step 1: Connect your Azure Account
- If you already connected cloud accounts to Spot, in the left main menu of the Spot console, click Spot Security > Administration.
- Click Cloud Account > Azure > Log in to Azure Account.
- Enter your Azure Management Console and click Azure.
Step 2: Elevate Access to your Subscription ID
Step 2.1: Assign Reader, Storage Blob Data Reader Role
Assign the Reader and Storage Blob Data Reader roles to your Spot application registration on the subscription.
- Sign in to your Azure account.
- Under All Services, select Subscriptions. Select the subscription to connect to Spot Security.
- In the Subscription menu, select Access Control (IAM) and click + Add > Add role assignment.
- Find and select the Reader role.
- Click Next.
- On the Members tab:
  - Make sure Assign access to is set to User, group, or service principal.
  - Click + Select Members.
  - Find and select the Spot application that you used during Spot onboarding and click Select.
  - Click Next.
- Click Review + assign and wait for it to assign the Reader role to the Spot app registration.
- Repeat steps 3-7 for the Storage Blob Data Reader role.
- Click the Role Assignments tab, search for your service principal, and make sure the app has both Reader and Storage Blob Data Reader roles assigned.
- Click the service principal, copy the Object ID of the Application Service Principal, and save it for the next step of onboarding.
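
The Role Assignments check in Step 2.1 can also be scripted. The following is an added example, not part of the Spot documentation: it audits role assignments exported as JSON (for instance with az role assignment list --assignee <object-id> --all -o json) and reports required roles that are missing at the subscription scope, required roles assigned at some other scope, and any roles beyond the two this procedure asks for. The function name, report keys, and sample IDs are assumptions made for the example.

```python
import json

# The two roles the onboarding procedure assigns to the Spot app registration.
REQUIRED = {"Reader", "Storage Blob Data Reader"}

def audit_assignments(assignments, subscription_id, object_id):
    """Compare one service principal's role assignments with the required pair."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    at_sub, other_scope, extra = set(), [], []
    for a in assignments:
        if a.get("principalId", "").lower() != object_id.lower():
            continue  # belongs to a different principal
        role, scope = a.get("roleDefinitionName", ""), a.get("scope", "")
        if role not in REQUIRED:
            extra.append((role, scope))        # more than onboarding asks for
        elif scope.rstrip("/").lower() == sub_scope:
            at_sub.add(role)                   # assigned where the procedure puts it
        else:
            other_scope.append((role, scope))  # resource group, resource, or management group
    return {
        "has_required": at_sub == REQUIRED,
        "missing": sorted(REQUIRED - at_sub),
        "other_scope": other_scope,
        "extra_roles": extra,
    }

# Constructed sample shaped like `az role assignment list` JSON output (not real IDs).
SAMPLE_SUB = "00000000-0000-0000-0000-000000000001"
SAMPLE_OBJ = "11111111-1111-1111-1111-111111111111"
OTHER_OBJ = "22222222-2222-2222-2222-222222222222"
SUB_SCOPE = f"/subscriptions/{SAMPLE_SUB}"
SAMPLE_ASSIGNMENTS = [
    {"principalId": SAMPLE_OBJ, "roleDefinitionName": "Reader", "scope": SUB_SCOPE},
    {"principalId": SAMPLE_OBJ, "roleDefinitionName": "Storage Blob Data Reader",
     "scope": SUB_SCOPE + "/resourceGroups/rg-logs"},
    {"principalId": SAMPLE_OBJ, "roleDefinitionName": "Contributor", "scope": SUB_SCOPE},
    {"principalId": OTHER_OBJ, "roleDefinitionName": "Storage Blob Data Reader",
     "scope": SUB_SCOPE},
]

if __name__ == "__main__":
    report = audit_assignments(SAMPLE_ASSIGNMENTS, SAMPLE_SUB, SAMPLE_OBJ)
    print(json.dumps(report, indent=2))
```

In the sample, the Contributor entry is reported under extra_roles because the procedure grants only read access.
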
Step 2.2: Enter the Service Principal Object ID
- Go to the Spot console, enter the Service Principal Object ID, and click Validate.
- When the Service Principal Object ID is successfully validated, click Next.
Step 3: Archive Activity Logs to a Storage Account
Step 3.1: Configure Export Activity Logs
- Log in to your Azure account.
- Under All Services, select Subscriptions. Select the subscription you would like to onboard to Spot Security.
- Select Activity log > Export Activity Logs > + Add diagnostic setting.
- Enter a Diagnostic setting name.
- Select Categories > Administrative.
- Select Archive to a storage account and select the Subscription with the storage account. Make sure the service principal used for onboarding has access to the storage account.
- Select the logs you want to archive from the Storage Account. Create a storage account if needed.
- Copy the Storage account name and save it for the next step of onboarding.
- Click Save.
Step 3.2: Enter Storage Account Name
- Go to the Spot console, enter the storage account name copied in the previous step, and click Validate.
- When the storage account name is validated, click Next.
Step 4: Review and Finalize
- Review the information and ensure all details are correct.
- Click Finish Onboarding.