# Connecting Microsoft Azure to Osto * Navigate to the [Azure Portal](https://portal.azure.com/). * Sign in using your Azure account credentials. * You’ll need to collect a few identifiers and credentials during this setup — follow the steps below carefully. {% stepper %} {% step %} ### Find Your Tenant ID Your **Tenant ID** uniquely identifies your Azure Active Directory (Microsoft Entra ID) instance. To find it: * In the Azure Portal, search for **“Microsoft Entra ID”** (or **“Azure Active Directory”** in older interfaces). ![](/files/f3ff75861623923f8754ed66bd84876c57a27318) * Click **Overview** in the sidebar. * Copy the **Tenant ID** displayed there — you’ll need it later for the Osto connection form. ![](/files/1deeb08f731ee4d7d149dde2c8cb95c44b3f03d7) {% endstep %} {% step %} ### Locate Your Subscription ID Your **Subscription ID** represents the Azure billing account that Osto will access. To locate it: * In the Azure Portal search bar, type **“Subscriptions”**. ![](/files/be37f3ee00e04265d9462d9902e3c7652b1aef5c) * Select your active subscription from the list. ![](/files/BOATjbuINoAwZbHj4EDy) * On the **Overview** tab, copy the **Subscription ID**. ![](/files/q5lL0hTXIhAtbygoRdWr) {% endstep %} {% step %} ### Create or Use an Existing Service Principal Osto connects to Azure via a **Service Principal (App Registration)**. If you don’t already have one, create it as follows: * In Azure Portal, go to **Microsoft Entra ID → App registrations**. * Click **+ New registration**. * Provide a name (e.g., `Osto-Azure-Connector`). ![](/files/9e444cb1d2c90d2a9983844f378c7ae9c1cc2a7f) * Under “Supported account types,” choose **Accounts in this organizational directory only (Single tenant)**. * Click **Register**. * Copy the **Application (client) ID** — this is your **Client ID**. ![](/files/117291acdf59f22900fd1e435ee380c55cb5b8b6) ![](/files/f8cf4c1077c59c545d3bc06825c5d32798fc4b02) {% endstep %} {% step %} ### Generate a Client Secret * In your App Registration, navigate to **Certificates & secrets**. * Under **Client secrets**, click **+ New client secret**. ![](/files/16d2025d3a38230db1e64af1b0f93f9093600534) * Provide a description (e.g., “Osto integration key”) and select an expiry period (e.g., 1 year). * Click **Add**. ![](/files/f5f2294e711c4c6b6009481402e83d504250ef49) * Copy the **Value** immediately — this is your **Client Secret**. ![](/files/a4226469cb3c26a8743e7f0c1c7954d345b41ec8) {% hint style="warning" %} You will not be able to view the client secret again after you leave the page. Copy and store it securely before navigating away. {% endhint %} {% endstep %} {% step %} ### Fill in the Osto Cloud Connector Form Now return to your **Osto platform** and open the **Connect a Cloud Provider** window. Select **Microsoft Azure**. Fill in the fields as follows: * Name: A friendly name for your Azure connection (e.g., “Prod Subscription”). * Description: Optional description for easier identification. * Subscription ID: The Azure Subscription ID you copied earlier. * Client ID: The Application (client) ID from your registered app. * Client Secret: The secret value created under Certificates & Secrets. * Tenant ID: The Tenant ID from Microsoft Entra ID. Once filled, click **Connect** to authenticate and establish the integration. {% endstep %} {% step %} ### Verify Connection After connecting successfully: * Your Azure assets will start syncing automatically. * You’ll see the total number of assets and a severity breakdown on your Osto dashboard. * The connector’s status will change to **Active**. {% endstep %} {% step %} ### Optional: Assign Specific Azure Roles Ensure your Service Principal has adequate permissions to allow asset discovery. * At a minimum, assign the **Reader** role at the subscription level. * If your organization enforces least privilege policies, you may also use a custom role scoped to Osto’s required actions. {% endstep %} {% endstepper %} *** ## Summary of Required Values | Parameter | Source | Example | | ------------------- | ----------------------------------------: | -------------------------------------- | | **Tenant ID** | Microsoft Entra ID → Overview | `c09e8f8a-xxxx-xxxx-xxxx-xxxxxxxxxxxx` | | **Subscription ID** | Subscriptions → Overview | `7f53e0a3-xxxx-xxxx-xxxx-xxxxxxxxxxxx` | | **Client ID** | App Registration → Overview | `23dbb6af-xxxx-xxxx-xxxx-xxxxxxxxxxxx` | | **Client Secret** | App Registration → Certificates & secrets | `Value from secret (hidden)` | *** ## Troubleshooting
Error: “Invalid credentials” Double-check Client ID, Client Secret, and Tenant ID values entered in the Osto connector form.
Error: “Insufficient permissions” Ensure your Service Principal has the **Reader** role assigned at the subscription level or the appropriate custom role that grants Osto the required permissions.
Secret Expired Generate a new client secret in Azure (App Registration → Certificates & secrets) and update it in Osto.
Last updated 29 minutes ago --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://osto-cybersecurity.gitbook.io/osto/knowledge-base/how-to-guides/posture-management/cloud-security/connecting-microsoft-azure-to-osto.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.