> ## Documentation Index
> Fetch the complete documentation index at: https://docs.osto.one/llms.txt
> Use this file to discover all available pages before exploring further.

# Connecting Microsoft Azure to Osto

> Securely connect your Azure subscription to Osto for continuous cloud security posture management.

This guide will walk you through securely connecting your Microsoft Azure subscription to Osto for continuous visibility, scanning, and cloud security posture management.

**Before you begin:**

* Navigate to the [Azure Portal](https://portal.azure.com/).
* Sign in using your Azure account credentials.
* You'll need to collect a few identifiers and credentials during this setup — follow the steps below carefully.

<Frame caption="The Microsoft Azure connection form in Osto.">
  <img src="https://mintcdn.com/osto/R3fYKhw3c9iXbOPt/images/posture/connect-azure-form.jpg?fit=max&auto=format&n=R3fYKhw3c9iXbOPt&q=85&s=53486038e9553a9b7e587e45b6c3697a" alt="Connect to Microsoft Azure form with Name, Description, Subscription ID, Client ID, Client Secret, and Tenant ID fields" width="717" height="695" data-path="images/posture/connect-azure-form.jpg" />
</Frame>

<Steps>
  <Step title="Find Your Tenant ID">
    Your **Tenant ID** uniquely identifies your Azure Active Directory (Microsoft Entra ID) instance.

    To find it:

    1. In the Azure Portal, search for **"Microsoft Entra ID"** (or **"Azure Active Directory"** in older interfaces).
    2. Click **Overview** in the sidebar.
    3. Copy the **Tenant ID** displayed there — you'll need it later for the Osto connection form.
  </Step>

  <Step title="Locate Your Subscription ID">
    Your **Subscription ID** represents the Azure billing account that Osto will access.

    To locate it:

    1. In the Azure Portal search bar, type **"Subscriptions"**.
    2. Select your active subscription from the list.
    3. On the **Overview** tab, copy the **Subscription ID**.
  </Step>

  <Step title="Create or Use an Existing Service Principal">
    Osto connects to Azure via a **Service Principal (App Registration)**. If you don't already have one, create it as follows:

    1. In Azure Portal, go to **Microsoft Entra ID → App registrations**.
    2. Click **+ New registration**.
    3. Provide a name (e.g., `Osto-Azure-Connector`).
    4. Under "Supported account types," choose **Accounts in this organizational directory only (Single tenant)**.
    5. Click **Register**.
    6. Copy the **Application (client) ID** — this is your **Client ID**.
  </Step>

  <Step title="Generate a Client Secret">
    1. In your App Registration, navigate to **Certificates & secrets**.
    2. Under **Client secrets**, click **+ New client secret**.
    3. Provide a description (e.g., "Osto integration key") and select an expiry period (e.g., 1 year).
    4. Click **Add**.
    5. Copy the **Value** immediately — this is your **Client Secret**.

    <Warning>
      You will not be able to view the client secret again after you leave the page. Copy and store it securely before navigating away.
    </Warning>
  </Step>

  <Step title="Fill in the Osto Cloud Connector Form">
    Return to your **Osto platform** and open the **Connect a Cloud Provider** window. Select **Microsoft Azure**.

    Fill in the fields as follows:

    * **Name:** A friendly name for your Azure connection (e.g., "Prod Subscription").
    * **Description:** Optional description for easier identification.
    * **Subscription ID:** The Azure Subscription ID you copied earlier.
    * **Client ID:** The Application (client) ID from your registered app.
    * **Client Secret:** The secret value created under Certificates & Secrets.
    * **Tenant ID:** The Tenant ID from Microsoft Entra ID.

    Once filled, click **Connect** to authenticate and establish the integration.
  </Step>

  <Step title="Verify Connection">
    After connecting successfully:

    * Your Azure assets will start syncing automatically.
    * You'll see the total number of assets and a severity breakdown on your Osto dashboard.
    * The connector's status will change to **Active**.
  </Step>

  <Step title="Optional: Assign Specific Azure Roles">
    Ensure your Service Principal has adequate permissions to allow asset discovery.

    * At a minimum, assign the **Reader** role at the subscription level.
    * If your organization enforces least privilege policies, you may also use a custom role scoped to Osto's required actions.
  </Step>
</Steps>

***

## Summary of Required Values

| Parameter           | Source                                    | Example                                |
| ------------------- | ----------------------------------------- | -------------------------------------- |
| **Tenant ID**       | Microsoft Entra ID → Overview             | `c09e8f8a-xxxx-xxxx-xxxx-xxxxxxxxxxxx` |
| **Subscription ID** | Subscriptions → Overview                  | `7f53e0a3-xxxx-xxxx-xxxx-xxxxxxxxxxxx` |
| **Client ID**       | App Registration → Overview               | `23dbb6af-xxxx-xxxx-xxxx-xxxxxxxxxxxx` |
| **Client Secret**   | App Registration → Certificates & secrets | `Value from secret (hidden)`           |

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="Error: &#x22;Invalid credentials&#x22;">
    Double-check Client ID, Client Secret, and Tenant ID values entered in the Osto connector form.
  </Accordion>

  <Accordion title="Error: &#x22;Insufficient permissions&#x22;">
    Ensure your Service Principal has the **Reader** role assigned at the subscription level or the appropriate custom role that grants Osto the required permissions.
  </Accordion>

  <Accordion title="Secret Expired">
    Generate a new client secret in Azure (App Registration → Certificates & secrets) and update it in Osto.
  </Accordion>
</AccordionGroup>
