How to connect multiple Azure Subscriptions to Vanta

Below we'll walk through the steps needed to connect an additional Azure Subscription to Vanta.
This guide assumes that you've already connected at least one Azure subscription and that it is correctly integrated and syncing resources.

 

Prerequisites:

  • Azure Subscription connected to Vanta
  • Azure Subscription not yet connected to Vanta

 

Procedure:

  1. Navigate to the Integrations page and locate your existing Azure connection.
  2. Select 'Manage -> Edit'.

    • Click on 'Add Subscription' to start connecting your additional Azure Subscription.

  3. On the 'Connect Azure' screen, click Next -> to view the 'Register Application' form.

    • Click on 'App Registration' to navigate to the Azure Portal and begin creating your additional Vanta app.

  4. Select + New Registration in the top right.
    • You may see your other subscription's Vanta app in this list, since each Azure Subscription requires its own Vanta app to connect. We won't be altering any other app's configuration.

  5. Name your app whatever you like (preferably something that distinguishes it from the others).
    • Use the default options already selected, and click 'Register'.

  6. You will be redirected to the Application overview page. Copy your Application ID and Directory ID, then navigate back to the connection steps in Vanta.

    • Paste the IDs in their appropriate places, then select Next ->

  7. In the Azure Portal, select 'Certificates & Secrets' and create your new secret token.

    • Note: This is the only time you can copy your secret's Value, so do so before leaving the page.
    • Paste it in the appropriate box on the Vanta connection steps, then click Next ->

  8. In Azure, navigate to 'API Permissions' -> select 'Add Permission' -> Microsoft Graph

    • Select 'Application Permissions' -> search for 'Directory' -> select 'Directory.Read.All', then Add Permissions
    • Make sure you 'Grant Admin Consent' for these permissions before continuing.

    • Once 'Admin Consent' is granted, navigate back to Vanta and go to the Next -> step



  9. In Azure, search for "Subscriptions" and navigate to it.

    • Locate your second Subscription (the subscription not connected yet) and copy the ID

    • Paste your Subscription ID in the appropriate box and click Next ->

  10. In Azure, click on your Subscription -> in the sidebar, click Access Control (IAM) -> + Add -> Add Role Assignment

    • Search for "Reader" -> click the Reader role -> then Next
    • Click 'Select Members' -> search for the app we just created and select it
    • Click 'Review + assign' and confirm your subscription is the correct one

    • If everything looks good, click 'Review + assign' once more to assign the role

    • Back in Vanta, click Next ->

  11. If authentication succeeds, Vanta will begin to fetch your Subscription's resources.

Repeat this process for any other unconnected Subscriptions you'd like to connect to Vanta!
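After step 10, it is worth confirming that the new app holds only the Reader role, and only at the subscription you meant to connect. The following check is an added example, not Vanta's or Microsoft's code: it assumes you have saved the JSON from `az role assignment list --assignee <application-id> --all -o json`, and the function name, subscription ID and sample records are constructed for illustration.

```python
import json

# Constructed sample in the shape of:
#   az role assignment list --assignee <application-id> --all -o json
# The subscription ID and resource group name are made up for this example.
SUB_ID = "00000000-0000-0000-0000-000000000002"
SAMPLE = json.loads("""
[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/rg-demo"}
]
""")


def audit_app_assignments(assignments, subscription_id):
    """Return findings for anything other than Reader at exactly this subscription."""
    expected = f"/subscriptions/{subscription_id}".lower()
    findings = []
    reader_found = False
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "")
        normalized = scope.rstrip("/").lower()
        if role != "Reader":
            # Any write-capable or extra role exceeds what the guide grants.
            findings.append(f"unexpected role {role!r} at {scope}")
        elif normalized != expected:
            # Reader at a management group, root, or another subscription.
            findings.append(f"Reader granted at unexpected scope {scope or '/'}")
        else:
            reader_found = True
    if not reader_found:
        findings.append(f"no Reader assignment at {expected}")
    return findings


if __name__ == "__main__":
    for finding in audit_app_assignments(SAMPLE, SUB_ID):
        print("FINDING:", finding)
```

An empty result means the app's access matches what this guide sets up; any finding is a grant to review before relying on the integration.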
