Automated Onboarding (Azure CLI)

This page is for administrative users who wish to automatically onboard an Azure account using the Azure Command Line Interface (CLI). If you are a non-admin user, return to the Onboard an Azure cloud account page for details.

  • If you are connecting to InsightCloudSec for the first time, you will be greeted by a workflow that shares some details about InsightCloudSec capabilities and allows you to select your Cloud Service Provider (CSP) to start the onboarding process.
  • If you have connected to InsightCloudSec previously but are setting up Azure for the first time, navigate to Cloud > Cloud Accounts and select the Add Cloud option to open the cloud onboarding workflow.

Using either path above, select Microsoft Azure as your CSP to get started with onboarding.

Prerequisites

These instructions and prerequisites have only been tested on a Unix-based system.

Onboard an account with Azure CLI

  1. In the InsightCloudSec Onboarding Wizard, click Download Script to download the onboarding script locally.
  2. Open a terminal window.
  3. Log in to the Azure CLI: az login
  4. Run the script (python onboard.py) and follow the prompts to create everything needed to onboard the account. If you're not currently in the location of the onboarding script, you'll need to include the directory location with the command.
    • Provide an Application Registration name (or press Enter to use the default)
    • Provide the subscription ID for the account you wish to onboard (or press Enter to use the current Subscription)
    • If you wish to onboard a Tenant, provide Y and press Enter to set up tenant-level visibility (and enable account discovery); if this is just an individual account, provide n
    • Provide a number corresponding to the role you wish to use for harvesting (or press Enter to use the default). Review Azure Custom Roles for more information.
    • The configuration is complete. The necessary values are displayed.
  5. In the InsightCloudSec Onboarding Wizard, click Connect Subscription.
  6. Select the appropriate Azure Cloud Environment.
  7. Provide the Nickname, Tenant ID, Subscription ID, Application ID, and Secret Key Value ("password") you copied earlier.
  8. Click Connect Account to finalize your Azure setup.

Configuration Information

Copy the necessary configuration information (Tenant ID, Subscription ID, Application Registration name, Application Registration ID, Application Registration password a.k.a. Secret Key Value) to a secure location.
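
One way to keep the copied values in a file that only your user can read, shown as an added example that is not part of the InsightCloudSec onboarding script. The key names and the output path are assumptions made for the example, the sample values are constructed, and the permission handling assumes a Unix-based system.

```python
import json
import os
import re
import stat
import tempfile

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Hypothetical key names for the values the onboarding script displays.
GUID_FIELDS = ("tenant_id", "subscription_id", "application_id")
SECRET_FIELD = "secret_key_value"


def validate(values):
    """Return a list of problems with the copied values (empty list = OK)."""
    problems = []
    for field in GUID_FIELDS + (SECRET_FIELD,):
        value = values.get(field, "")
        if value != value.strip():
            problems.append(f"{field} has leading/trailing whitespace")
    for field in GUID_FIELDS:
        if not GUID_RE.fullmatch(values.get(field, "").strip()):
            problems.append(f"{field} is not a GUID")
    ids = [values.get(f, "").strip().lower() for f in GUID_FIELDS]
    if len(set(ids)) != len(ids):
        problems.append("two ID fields hold the same value (paste error?)")
    if not values.get(SECRET_FIELD, "").strip():
        problems.append(f"{SECRET_FIELD} is empty")
    return problems


def save(values, path):
    """Write validated values to a new owner-only file; return its mode bits."""
    problems = validate(values)
    if problems:
        raise ValueError("; ".join(problems))
    # O_EXCL: fail rather than overwrite; 0o600: no group/other access from creation.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        json.dump(values, handle, indent=2)
    return stat.S_IMODE(os.stat(path).st_mode)


if __name__ == "__main__":
    sample = {  # constructed values, not real identifiers
        "tenant_id": "11111111-1111-1111-1111-111111111111",
        "subscription_id": "22222222-2222-2222-2222-222222222222",
        "application_id": "33333333-3333-3333-3333-333333333333",
        "secret_key_value": "constructed-sample-secret",
    }
    with tempfile.TemporaryDirectory() as tmp:
        print(oct(save(sample, os.path.join(tmp, "azure-onboarding.json"))))
```

Delete the file once the values are entered in the Onboarding Wizard or moved to a secrets manager.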

Success! You onboarded an account

Congratulations on successfully onboarding an Azure account! InsightCloudSec will now detect the following:

  • Whether any permissions are missing that could impair visibility into your account
  • Whether the account is an Azure Tenant Account. If it is, and you completed the Tenant Visibility portion of the onboarding script, you can enable Account Discovery. If Account Discovery is enabled, Rapid7 can onboard and collect information on related Azure Tenants and Subscriptions via the onboarded Tenant. Click Enable Auto Discovery at the bottom of the window to start this process.