Add your Microsoft Azure environment

You can add your Azure environment to Sophos Cloud Optix by running the PowerShell script Sophos provides.

You must run the Cloud Optix script using Azure PowerShell.

Warning You must not run the script using PowerShell on your computer.

Note By adding your Microsoft Azure environment, you authorize Sophos to access information via APIs and to collect log data from your environment. Your cloud provider may charge you for this. See Cloud provider charges or contact your provider for details.

To add your Azure subscriptions, you should do as follows:

Use an Azure AD Account with Global Administrator Permission at Tenant level and Owner permission at Subscription level.
Run the Cloud Optix script using Azure PowerShell. See Quickstart for PowerShell in Azure Cloud Shell.

To run the script:

Click Settings (in the left-hand menu) and select Environments.
Click Add New Environment.
On the Add your Cloud Provider environment page, select the Azure Subscription tab.
Follow the steps shown to go to Azure and open Azure PowerShell. You must not run the script using PowerShell on your computer.
Download the script and run it in Azure PowerShell.
./create-azure-app.ps1 -CustomerId <…> -RequestId <…> -avidFlowAddress <…>-avidActivityAddress <…>
The script lets you choose all subscriptions or only the subscriptions you want to add.

The script creates an AD application, service principal, add response URL and grant permission at subscription. By default, this grants 'Reader' permission to the app if no role name is provided.
After the script has run, enable user and group data sync with Azure AD.

To do this, you must authorize using an admin account for the subscriptions you have added.
At the end of the script, a URL is shown. Go to the URL to authenticate.

You need to be an Application Administrator in the Active Directory containing the subscriptions you added (or ask an Application Administrator to authenticate for you).