Add your Microsoft Azure environment
You can add your Azure environment to Sophos Cloud Optix by running the PowerShell script Sophos provides.
You must run the PowerShell script in Cloud Shell. Access this from your Azure portal.
Sophos Cloud Optix can't connect to free trial Azure accounts. This is because of a restriction in the subscription permissions with free trials of Azure.
To add your Azure subscriptions, you must run the script provided by Sophos. This registers an application in your Azure AD tenant. You can run the script as many times as you need to.
The user who first runs the script must have the Application Administrator role. One or more users can then add subscriptions by rerunning the script if needed. They must have the Owner role for each subscription they add to Sophos Cloud Optix.
For example, for multiple subscriptions, a user signed in to Azure with the Application Administrator role for your Azure tenant runs it first. Users with the Owner role for each subscription then rerun it to add the Azure subscriptions.
You can change the settings for your deployment using Custom settings. For example, you may not want to turn on network flow logs.
If you want to include AKS clusters, you must sign in to Azure with a profile that has the Cluster Admin role for each AKS cluster that you add. You can exclude AKS clusters in Custom settings.
To run the script, do as follows:
If you have all the required Azure roles to create the Enterprise App for your tenant (the Application Administrator role) and add your subscriptions (the Owner role for each subscription), you don't need to rerun the script. Other users can rerun the script to add subscriptions, if required.
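Before you run the script, you can check which of the two roles described above the signed-in user holds. The following is an added example, not part of the script Sophos provides. The function name Test-OptixRolePrereq is hypothetical, and the check assumes that the Cloud Shell session can get a Microsoft Graph token for the signed-in user.

```powershell
# Added pre-flight check, not part of the Sophos script. Run in Azure Cloud Shell (PowerShell).
function Test-OptixRolePrereq {   # hypothetical helper name
    # Assumption: the session can get a Microsoft Graph token for the signed-in user.
    $graph = 'https://graph.microsoft.com/v1.0/me'
    $me = (Invoke-AzRestMethod -Uri ($graph + '?$select=id,userPrincipalName')).Content |
        ConvertFrom-Json
    if (-not $me.id) { throw 'Could not resolve the signed-in user through Microsoft Graph.' }

    # Active directory roles only; a PIM-eligible role that is not activated is not listed.
    $roles = (Invoke-AzRestMethod -Uri ($graph + '/memberOf/microsoft.graph.directoryRole')).Content |
        ConvertFrom-Json
    $isAppAdmin = @($roles.value | ForEach-Object displayName) -contains 'Application Administrator'

    $original = Get-AzContext
    try {
        foreach ($sub in Get-AzSubscription -TenantId $original.Tenant.Id) {
            $null = Set-AzContext -Subscription $sub.Id
            # Keep only direct assignments at subscription scope or above. Owner held
            # only through group membership is not detected by this query.
            $owner = Get-AzRoleAssignment -ObjectId $me.id -Scope "/subscriptions/$($sub.Id)" -RoleDefinitionName 'Owner' |
                Where-Object { $_.Scope -notmatch '/resourceGroups/' }
            [pscustomobject]@{
                User                     = $me.userPrincipalName
                Subscription             = $sub.Name
                SubscriptionId           = $sub.Id
                Owner                    = [bool]$owner
                ApplicationAdministrator = $isAppAdmin
            }
        }
    }
    finally {
        $null = Set-AzContext -Context $original   # restore the caller's context
    }
}

Test-OptixRolePrereq | Format-Table -AutoSize
```

A row with Owner set to False marks a subscription that a different user, one with the Owner role for it, needs to add by rerunning the script. The check does not cover the Cluster Admin role needed for AKS clusters.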