Note: If you connected Azure to Vanta prior to October 1, 2021, you'll need to reconnect Azure to Vanta to avoid any service interruptions, due to Azure migrating apps from Azure Active Directory Graph to Microsoft Graph. You can find more information about the migration in this article from Microsoft.
- Organization Administrator or Global Administrator access in Azure
- Administrator Access in Vanta
- Go to the Integrations page and select the Available tab
- Search for Azure, then click the Connect button
- The toggle for Microsoft Azure will already be enabled and greyed out (Note: Enable the Microsoft Defender for Cloud option if you use Microsoft Defender for Cloud as a vulnerability scanner. Hover over the tooltip for more information).
- Click the Next button
- Click App Registration to navigate to Azure Active Directory.
- Select New registration.
- Name the new application Vanta and click Register at the bottom of the page.
- Copy the Application ID and Directory ID from Azure, and paste these into the fields in Vanta
- Click Next for steps on how to create the client secret.
- In Azure, navigate to Certificates & secrets. Click 'New client secret'.
- In the fly-out menu, add the description Vanta and select 24 Months for the expiration
- Click Add.
- Copy the key under 'Value' with the clipboard icon, then paste it in the Client secret value box in Vanta.
Important: Once you leave this page in Azure, you'll no longer be able to copy the secret key. Make sure to copy it before navigating away.
- Click Next to Add API permissions
- In Azure, navigate to API Permissions. Select 'Add a permission', then select "Microsoft Graph" from the fly-out menu.
- Select Application Permissions.
Use the search bar to filter for Directory, then check the "Directory.Read.All" permission.
- Click "Add permissions"
- Click Grant admin consent, and click Yes when prompted to grant requested permissions.
- In Vanta, click Next for steps to provide your subscription.
- Click on the 'Subscriptions' hyperlink on this page, or navigate to Subscriptions in Azure
- Copy the Subscription ID and paste in the 'Subscription ID' field in Vanta, then click Next.
- In Azure, click on your subscription, navigate to Access Control (IAM), and click Add to add a role assignment.
- Search for 'Reader' in the search box. Click to select it, then click the Members tab at the top.
- For 'Assign access to', select Azure AD user, group, or service principal.
- Click '+Select Members', then search for the app named 'Vanta'.
Select the Vanta app.
- After selecting your app, click Review + Assign at the bottom to assign the role.
If the connection is complete, a successful connection notification will display. If there are errors, an error message will provide additional details on what went wrong.
- Navigate back to Vanta and click 'Next'. Please note, it may take a few moments for the changes to register, and you may need to try this more than once if you receive an error message initially.
The Azure Integration is now complete! The integration will now load in all your resources.
This might take a moment depending on how many resources need to be fetched. You may skip this step and let Vanta complete the scan in the background by clicking the 'Done' button.
Once the scan is complete, you can navigate back to Integrations at any time to finish configuring the scope.
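
An added example, not part of Vanta's or Microsoft's documentation: a periodic check that the Vanta app registration still holds only the Reader role and the Directory.Read.All application permission granted in the steps above, and that its client secret is not close to expiry. The input shape is an assumption modeled on Azure CLI JSON output (`az role assignment list`, `az ad app show`, `az ad app credential list`), and the sample data is constructed.

```python
import json
from datetime import datetime, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"        # Microsoft Graph
DIRECTORY_READ_ALL = "7ab1d382-f21e-4acd-a863-ba3e13f7da61"  # Directory.Read.All (application)

# Constructed sample export: subscription id, scopes, dates and the second
# permission id are made up. Field names are assumed to match az CLI output.
SAMPLE = json.loads("""
{
  "roleAssignments": [
    {"roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
    {"roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-example"}
  ],
  "requiredResourceAccess": [
    {"resourceAppId": "00000003-0000-0000-c000-000000000000",
     "resourceAccess": [
       {"id": "7ab1d382-f21e-4acd-a863-ba3e13f7da61", "type": "Role"},
       {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}
     ]}
  ],
  "credentials": [{"displayName": "Vanta", "endDateTime": "2026-01-15T00:00:00Z"}]
}
""")

def audit(export, now, warn_days=60):
    """Return findings where the registration differs from what the guide sets up."""
    findings = []
    for ra in export["roleAssignments"]:
        if ra["roleDefinitionName"] != "Reader":
            findings.append(f"unexpected role {ra['roleDefinitionName']} at {ra['scope']}")
    expected = (GRAPH_APP_ID, DIRECTORY_READ_ALL, "Role")
    for res in export["requiredResourceAccess"]:
        for perm in res["resourceAccess"]:
            if (res["resourceAppId"], perm["id"], perm["type"]) != expected:
                findings.append(f"unexpected API permission {perm['id']} ({perm['type']})")
    for cred in export["credentials"]:
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        days_left = (end - now).days
        if days_left < 0:
            findings.append(f"secret '{cred['displayName']}' has expired")
        elif days_left <= warn_days:
            findings.append(f"secret '{cred['displayName']}' expires in {days_left} days")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, datetime(2025, 12, 1, tzinfo=timezone.utc)):
        print(finding)
```

An empty result means the registration still matches the guide: Reader only, Directory.Read.All only, and a secret with more than `warn_days` remaining.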