Automated Onboarding (Azure Cloud Shell)

Instructions for Onboarding an Azure Account or Accounts with InsightCloudSec via the Azure Cloud Shell

This page is for Administrative users who wish to automatically onboard an Azure account using the Azure Cloud Shell. Note: If you are a non-admin user, return to the Azure - Onboarding Overview for details.

  • If you are connecting to InsightCloudSec for the first time, you will be greeted by a workflow that shares some details around InsightCloudSec capabilities and allows you to select your Cloud Service Provider to start the onboarding process.
  • If you have connected to InsightCloudSec previously but are setting up Azure for the first time, you will need to navigate to "Cloud --> Cloud Accounts" and select the "Add Cloud" option to open the cloud onboarding.

Using either path above, select "Microsoft Azure" as your CSP to get started with onboarding.

Azure Onboarding Landing Page

Introduction (Step 1)

In the InsightCloudSec Onboarding Wizard

1. Click "Download Script" to download the onboarding script locally.

In the Azure Portal - Open the Cloud Shell

1. Log in to the Azure Portal using the Tenant you would like to connect to InsightCloudSec.

2. In the top bar, click the Cloud Shell icon to open the Cloud Shell.

Cloud Shell Access

Note: If this is your first time using the Cloud Shell, you'll be prompted to select the type of shell and mount storage within a subscription to persist files between sessions. Review the Azure Documentation for more information. This page uses Bash for all examples.

3. Click the "Upload/Download Files" icon, then click "Upload" and select the onboarding script from its downloaded location. The file will be uploaded to /home/<username> by default.

Uploading a File

4. Run the script with python and follow the prompts to create everything needed to onboard the account. Note: If you uploaded the onboarding script to somewhere other than the default, you'll need to include the directory location with the command.

  • Provide an Application Registration name (or press Enter to use the default)
  • Provide the subscription ID for the account you wish to onboard (or press Enter to use the current Subscription)
  • If you wish to onboard a Management Group, provide Y and press Enter to set up tenant-level visibility (and enable account discovery); if this is just an individual account, provide n
  • Provide a number corresponding to the role you wish to use for harvesting (or press Enter to use the default). Review Azure Custom Roles for more information
  • The configuration is complete. The necessary values are displayed.

Account Configuration Complete


Configuration Information

Copy the necessary configuration information (Tenant ID, Subscription ID, Application Registration name, Application Registration ID, Application Registration password a.k.a. Secret Key Value) to a secure location.
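Before connecting the subscription, you can confirm that the Application Registration holds only the role and scope you chose at the prompts. The following is an added example, not part of the onboarding script or of InsightCloudSec; it assumes you have exported the application's role assignments as JSON (for instance with `az role assignment list --assignee <application-id> --all -o json`), and the function names, the "Reader" role and all IDs are placeholders constructed for illustration.

```python
# Constructed sample shaped like Azure CLI role-assignment JSON (only the two
# fields the check needs). Every ID, name and role here is a placeholder.
SUB = "00000000-0000-0000-0000-000000000001"  # placeholder subscription ID
SAMPLE = [
    {"roleDefinitionName": "Reader", "scope": f"/subscriptions/{SUB}"},
    {"roleDefinitionName": "Reader",
     "scope": "/providers/Microsoft.Management/managementGroups/example-mg"},
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/example-rg"},
]

MG_PREFIX = "/providers/microsoft.management/managementgroups/"


def scope_kind(scope):
    """Classify an Azure RBAC scope string by how much it covers."""
    s = scope.lower().rstrip("/")
    if s.startswith(MG_PREFIX):
        return "management_group"
    parts = s.strip("/").split("/")
    if parts[0] == "subscriptions" and len(parts) == 2:
        return "subscription"
    return "other"  # tenant root, resource group, single resource, unknown


def review_assignments(assignments, subscription_id, selected_role, tenant_visibility):
    """Return (role, scope, reason) for each assignment the prompts do not explain."""
    wanted_sub = f"/subscriptions/{subscription_id}".lower()
    findings = []
    for a in assignments:
        role, scope = a.get("roleDefinitionName", ""), a.get("scope", "")
        kind = scope_kind(scope)
        if role != selected_role:
            reason = "role was not the one selected at the prompt"
        elif kind == "management_group" and not tenant_visibility:
            reason = "management-group scope, but tenant-level visibility was declined"
        elif kind == "subscription" and scope.lower().rstrip("/") != wanted_sub:
            reason = "assignment is on a different subscription"
        elif kind == "other":
            reason = "scope is neither the subscription nor a management group"
        else:
            continue
        findings.append((role, scope, reason))
    return findings


if __name__ == "__main__":
    print(review_assignments(SAMPLE, SUB, "Reader", tenant_visibility=False))
```

An empty result means every assignment matches what you answered at the prompts; anything returned is worth reviewing before you enter the secret into the wizard.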

In the InsightCloudSec Onboarding Wizard

1. Click "4. Connect Subscription".

2. Select the appropriate Azure Cloud Environment.

3. Provide the Nickname, Tenant ID, Subscription ID, Application ID, and Secret Key Value ("password") you copied earlier.

4. Click "Connect Account" to finalize your Azure setup.



Congratulations on successfully onboarding an Azure account! InsightCloudSec will now detect the following:

  • If there are any missing permissions which could cause impaired visibility into your account
  • Assuming you completed the Tenant Visibility portion of the onboarding script, if the account is an Azure Tenant Account, you can enable Account Discovery. If Account Discovery is enabled, Rapid7 can onboard and collect information on related Azure Tenants and Subscriptions via the onboarded Tenant. Click "Enable Auto Discovery" at the bottom of the window to start this process.