Automated Onboarding (Azure Cloud Shell)

This page is for Administrative users who wish to automatically onboard an Azure account using the Azure Cloud Shell. If you are a non-admin user, return to Onboard an Azure cloud account to get started.

  • If you are connecting to InsightCloudSec for the first time, you will be greeted by a workflow that shares some details around InsightCloudSec capabilities and allows you to select your Cloud Service Provider to start the onboarding process.
  • If you have connected to InsightCloudSec previously but are setting up Azure for the first time, you will need to navigate to Cloud > Cloud Accounts and select the Add Cloud option to open the cloud onboarding.

Using either path above, select Microsoft Azure as your CSP to get started with onboarding.

Onboard using Cloud Shell

  1. In the onboarding wizard, click Download Script to download the onboarding script locally.
  2. Onboard in Azure using Cloud Shell.
    1. Log in to the Azure Portal using the Tenant you would like to connect to InsightCloudSec.
    2. In the top bar, click the Cloud Shell icon to open the Cloud Shell. If this is your first time using the Cloud Shell, you'll be prompted to select the type of shell and mount storage within a subscription to persist files between sessions. Review the Azure Documentation for more information.
    3. Click the Upload/Download Files icon, then click Upload and select the onboarding script from its downloaded location. The file will be uploaded to /home/<username> by default.
    4. Run the script (python onboard.py) and follow the prompts to create everything needed to onboard the account.
      If you uploaded the onboarding script to somewhere other than the default, you'll need to include the directory location with the command.
      • Provide an Application Registration name (or press Enter to use the default)
      • Provide the subscription ID for the account you wish to onboard (or press Enter to use the current Subscription)
      • If you wish to onboard a Management Group, provide Y and press Enter to set up tenant-level visibility (and enable account discovery); if this is just an individual account, provide n
      • Provide a number corresponding to the role you wish to use for harvesting (or press Enter to use the default). Review Azure Custom Roles for more information
      • The configuration is complete. The necessary values are displayed.
  3. In InsightCloudSec, in the onboarding wizard, click Connect.

Configuration Information

Copy the necessary configuration information (Tenant ID, Subscription ID, Application Registration name, Application Registration ID, Application Registration password a.k.a. Secret Key Value) to a secure location.
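
To review what the new Application Registration was actually granted, the following added example (not part of the Rapid7 onboarding script or documentation) audits the JSON produced by `az role assignment list --assignee <Application Registration ID> --all --output json` in Cloud Shell. The file name `audit_roles.py`, the `--mg` switch, the sample data and the rule that built-in write roles need review are assumptions of this example.

```python
import json
import sys

# Built-in roles with write or access-management rights (this example's
# assumption of what to review); custom roles need a manual look.
WRITE_ROLES = {"Owner", "Contributor", "User Access Administrator"}
MG_PREFIX = "/providers/microsoft.management/managementgroups/"

# Constructed sample in the shape `az role assignment list --output json` returns.
SAMPLE = """[
 {"roleDefinitionName": "Reader", "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
 {"roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-demo"},
 {"roleDefinitionName": "Reader", "scope": "/providers/Microsoft.Management/managementGroups/mg-demo"},
 {"roleDefinitionName": "Reader", "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"}
]"""


def audit_assignments(assignments, subscription_id, management_group=False):
    """Return (scope, role, reason) for each assignment that needs review."""
    expected = f"/subscriptions/{subscription_id}".lower()
    findings = []
    for item in assignments:
        role = item.get("roleDefinitionName", "")
        scope = item.get("scope", "")
        norm = scope.lower().rstrip("/") or "/"
        if role in WRITE_ROLES:
            findings.append((scope, role, "write-capable built-in role"))
        if norm == expected or norm.startswith(expected + "/"):
            continue  # at or below the subscription given to the script
        if norm.startswith(MG_PREFIX):
            if not management_group:
                findings.append((scope, role, "management group scope not requested"))
        else:
            findings.append((scope, role, "scope outside the onboarded subscription"))
    return findings


if __name__ == "__main__":
    # Usage: python audit_roles.py <subscription-id> [assignments.json] [--mg]
    args = [a for a in sys.argv[1:] if a != "--mg"]
    sub_id = args[0] if args else "00000000-0000-0000-0000-000000000001"
    if len(args) > 1:
        with open(args[1]) as fh:
            data = json.load(fh)
    else:
        data = json.loads(SAMPLE)
    for finding in audit_assignments(data, sub_id, "--mg" in sys.argv):
        print("REVIEW:", *finding, sep="  ")
```

Pass `--mg` only if you answered Y to the Management Group prompt, so that a management group scope is treated as expected.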

Success! You onboarded an account

Congratulations on successfully onboarding an Azure account! InsightCloudSec will now detect the following:

  • If there are any missing permissions which could cause impaired visibility into your account
  • Assuming you completed the Tenant Visibility portion of the onboarding script, if the account is an Azure Tenant Account, you can enable Account Discovery. If Account Discovery is enabled, Rapid7 can onboard and collect information on related Azure Tenants and Subscriptions via the onboarded Tenant. Click Enable Auto Discovery at the bottom of the window to start this process.