Azure Quick-start

You can use Quick-start to add environments to Sophos Cloud Optix.

Quick-start gives you two simple commands to run in your Microsoft Azure portal. These commands create an application in your Microsoft Entra ID (formerly Azure AD) with read-only permissions and add your subscription to Sophos Cloud Optix to monitor security.

If you add an environment with Quick-start, and later want to use advanced features with the same environment, use the Azure PowerShell script setup. You don't have to remove the environment first. See Use PowerShell script.

For more detail on the differences between Quick-start and full setup methods, see Add your Microsoft Azure environment.

Note

Quick-start can't be used with the Sophos MDR integration. The integration requires Activity Logs and Flow Logs to receive anomaly alerts from Sophos Cloud Optix, and Quick-start doesn't set these up. To use the Sophos MDR integration, use one of the full setup options.

Use Quick-start

To use Quick-start, do as follows:

  1. Sign in to the Microsoft Azure portal using an account that has the Application Administrator role in your Microsoft Entra tenant and the Owner role on the subscription you want to add to Sophos Cloud Optix.

    Note

    Some actions require the Global Administrator role with elevated access.

  2. Sign in to Sophos Cloud Optix.

  3. Click Add Environments.
  4. Click Azure > Azure Quick-start.

    Instructions appear for two commands. You must run these commands in Cloud Shell.

  5. Copy the first command exactly.

  6. In Microsoft Azure, paste the command into Cloud Shell, then run it.

    This registers the Sophos Cloud Optix application in your Microsoft Entra tenant.

    A Microsoft Azure service principal is assigned the Reader role. This role provides read-only access and doesn't allow any changes.

    The Reader role is also assigned at the root level for the Microsoft Entra ID (AAD) and Intune resource providers, allowing read-only access to directory and Intune configuration data.

    The second command is generated using your Microsoft Azure subscription ID. You can find this in the Microsoft Azure services area of your Microsoft Azure portal. See Find your Azure subscription.

  7. To generate the second command, go back to Azure Quick-start in Sophos Cloud Optix.

  8. Enter your Microsoft Azure subscription ID and click Generate command.

    The second command appears, customized for your subscription.

  9. Copy the second command exactly.

  10. In Microsoft Azure, paste the command into Cloud Shell, then run it.

    The subscription is added to Sophos Cloud Optix.

    If you want to add multiple subscriptions, you can generate and run a new command for each ID.
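
After you run both commands, you can check that the service principal holds only the Reader role described above. The following is an added example, not part of the Sophos instructions or tooling: it audits JSON shaped like the output of `az role assignment list --assignee <app-id> --all -o json`, where `<app-id>` is a placeholder for the registered application's ID. The subscription IDs and resource group name in the sample are constructed.

```python
import json

# Constructed sample, shaped like the output of
#   az role assignment list --assignee <app-id> --all -o json
# Subscription IDs and the resource group name are placeholders.
SAMPLE = json.dumps([
    {"roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
    {"roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-demo"},
])

ALLOWED_ROLES = {"Reader"}  # the only role the page says Quick-start assigns


def audit_assignments(raw_json, expected_subscriptions):
    """Return findings; an empty list means the assignments are read-only
    and every expected subscription has Reader at subscription scope."""
    expected = {s.lower() for s in expected_subscriptions}
    has_reader = set()
    findings = []
    for item in json.loads(raw_json):
        role = item.get("roleDefinitionName") or "<unknown>"
        scope = item.get("scope") or ""
        if role not in ALLOWED_ROLES:
            # Anything beyond Reader is more access than the page describes.
            findings.append(f"unexpected role {role} at {scope}")
            continue
        parts = scope.strip("/").split("/")
        # Reader at root or provider scope is ignored here; only
        # subscription-level scopes are compared with the expected list.
        if len(parts) == 2 and parts[0].lower() == "subscriptions":
            sub = parts[1].lower()
            if sub in expected:
                has_reader.add(sub)
            else:
                findings.append(f"Reader on unexpected subscription {sub}")
    for sub in sorted(expected - has_reader):
        findings.append(f"no Reader assignment on subscription {sub}")
    return findings


if __name__ == "__main__":
    subs = ["00000000-0000-0000-0000-000000000001",
            "00000000-0000-0000-0000-000000000002"]
    for finding in audit_assignments(SAMPLE, subs):
        print(finding)
```

An empty result means every listed subscription has Reader at subscription scope and no other role is assigned to the service principal.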