How to connect multiple Azure Subscriptions to Vanta

Below we'll walk through the steps needed to connect an additional Azure Subscription to Vanta.
This guide assumes that you've already connected at least one Azure Subscription and that it is correctly integrated and syncing resources.

 

Prerequisites 

  • An Azure Subscription already connected to Vanta
  • An Azure Subscription not yet connected to Vanta

Process

  • Navigate to the Integrations page and locate your existing Azure connection
  • Select Manage, followed by Edit
  • Click on Add Subscription to add additional Azure subscriptions
    Once in the Connect Azure screen, select Next to view the Register Application form


  • Click on App Registration to navigate to the Azure Portal and begin creating your additional Vanta app.
  • Select + New Registration in the top right
  • You may see your other subscription's Vanta app in this list, since each Azure Subscription requires its own Vanta app to connect. We won't be altering any other app's configuration.
  • Name your app whatever you like (preferably something that distinguishes it from the others)
    Use the default options already selected, and click Register
  • You will be redirected to the Application overview page. Copy your Application ID and Directory ID, then navigate back to the connection steps in Vanta
  • Paste the IDs in their appropriate places, then select Next
  • In the Azure Portal, select Certificates & Secrets and create your new secret token


  • This is the only time you can copy your secret, so do so before leaving the page.
  • Paste it in the appropriate box on the Vanta Connection steps, then click Next
  • In Azure, navigate to API Permissions and select Add permissions, then Microsoft Graph
  • Select Application Permissions and search for Directory
  • Select Directory.Read.All
  • Click Add permissions
  • Make sure you Grant Admin Consent for these permissions before continuing
  • Once Admin Consent is granted, navigate back to Vanta and go to the next step



  • In Azure, search for Subscriptions
  • Locate your second Subscription (the one that is not connected yet) and copy the ID
  • Paste your Subscription ID in the appropriate box and click Next
  • In Azure, click on your Subscription, then in the sidebar click Access Control (IAM),
    followed by + Add, and then Add Role Assignment



  • Search for Reader
  • Click Reader Role, and select Next
  • Click Select Members and search for the App that you just created
  • Click Review and Assign and confirm your subscription is the correct one
  • If everything looks good, click Review & Assign once more to assign the role
  • Back in Vanta, click Next
    If authenticated correctly, Vanta will begin to fetch your Subscription resources

  • Select Done
  • Repeat this process for any other unconnected Subscriptions you'd like to connect to Vanta!
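
To confirm the outcome of the role-assignment steps above, the following added example (not Vanta's or Microsoft's own code) checks that the new app holds only Reader at the scope of the subscription you meant to connect. It reads JSON in the shape produced by az role assignment list --assignee <app-id> --all -o json; the sample data, app name and subscription IDs are constructed placeholders.

```python
import json

# Constructed sample in the shape of `az role assignment list ... -o json`.
# The app name and subscription IDs are placeholders, not real values.
SAMPLE = json.loads("""[
  {"principalName": "vanta-sub-2", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/22222222-2222-2222-2222-222222222222"},
  {"principalName": "vanta-sub-2", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Contributor",
   "scope": "/subscriptions/22222222-2222-2222-2222-222222222222/resourceGroups/rg-app"},
  {"principalName": "vanta-sub-2", "principalType": "ServicePrincipal",
   "roleDefinitionName": "Reader",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"}
]""")


def audit_assignments(assignments, subscription_id):
    """Return (ok, findings) for one app's role assignments.

    ok is True only when the app holds Reader at the subscription scope
    and has no other assignment.
    """
    expected = f"/subscriptions/{subscription_id}".lower()
    has_reader = False
    findings = []
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "").rstrip("/").lower()
        if role == "Reader" and scope == expected:
            has_reader = True
        elif scope == expected or scope.startswith(expected + "/"):
            findings.append(f"unexpected assignment {role!r} at {a.get('scope')}")
        else:
            findings.append(f"{role!r} outside target subscription: {a.get('scope')}")
    if not has_reader:
        findings.append("Reader is not assigned at the subscription scope")
    return (has_reader and not findings), findings


if __name__ == "__main__":
    ok, findings = audit_assignments(SAMPLE, "22222222-2222-2222-2222-222222222222")
    print("OK" if ok else "REVIEW")
    for finding in findings:
        print(" -", finding)
```

Since each subscription has its own app, run the check once per app with that app's subscription ID.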