Azure Quick-start

You can use Microsoft Azure Quick-start to add environments to Sophos Cloud Optix.

Quick-start gives you two simple commands to run in your Microsoft Azure portal. These commands create an application in your Azure Active Directory with read-only permissions and add your subscription to Sophos Cloud Optix to monitor security.

Quick-start gets you up and running with core features, including:

  • Inventory.
  • Security configuration scanning.
  • Spend monitoring.
  • Sophos server workload agent integration.

Quick-start doesn't support the following advanced features:

  • Network traffic information flow displayed on Network Visualization.
  • Outbound network traffic anomaly detection and alerts.
  • Activity Logs, including identification of high-risk activities.
  • User login anomaly detection and alerts.
  • Sophos Managed Threat Response (MTR) connector.

To use these features, use one of the full setup options instead.

If you add an environment with Quick-start, and then later you want to use the advanced features with the same environment, use the Azure PowerShell full script setup option. You don't have to remove the environment first. See Add Azure environments using PowerShell scripts.

Restriction: Quick-start can't be used with the Sophos MTR connector. The connector requires Activity Logs and Flow Logs to receive anomaly alerts from Sophos Cloud Optix. To use the Sophos MTR connector, use one of the full setup options.

To use Quick-start, do as follows:

  1. Sign in to your Microsoft Azure portal using a profile with at least the Application Administrator role for your Microsoft Azure tenant, and the Owner role for the subscription you want to add to Sophos Cloud Optix.
  2. Sign in to Sophos Cloud Optix.
  3. Go to Settings and click Add Environments.
  4. Click Azure > Azure Quick-start.

    Instructions appear for two commands. You must run these commands in Cloud Shell.

  5. Copy the first command exactly.
  6. In Microsoft Azure, paste the command into Cloud Shell, then run it.

    This registers the Sophos Cloud Optix application in your Microsoft Azure Active Directory tenant.

    A Microsoft Azure service principal with a Reader role is assigned to the application. This role does not have the permissions required to make any changes.

    The second command is generated using your Microsoft Azure subscription ID. You can find this in the Microsoft Azure services area of your Microsoft Azure portal. See Find your Azure subscription.

  7. To generate the second command, go back to Azure Quick-start in Sophos Cloud Optix.
  8. Enter your Microsoft Azure subscription ID and click Generate command.

    The second command appears, customized for your subscription.

  9. Copy the second command exactly.
  10. In Microsoft Azure, paste the command into Cloud Shell, then run it.

    The subscription is added to Sophos Cloud Optix.

    If you want to add multiple subscriptions, you can generate and run a new command for each ID.
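
After the last step, you can confirm that the service principal holds only the Reader role, and only on the subscriptions you added. The following is an added example, not part of the Sophos instructions or tooling: it audits JSON in the shape returned by `az role assignment list --assignee <app-id> --all --output json`. It assumes Reader is the only role Quick-start assigns, as described above; the GUIDs and names in the sample are constructed placeholders.

```python
import json

# Constructed sample of `az role assignment list` JSON output. All GUIDs and
# names are placeholders, not values taken from Sophos or from a real tenant.
SUB = "11111111-1111-1111-1111-111111111111"
SAMPLE = json.loads("""
[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111/resourceGroups/rg-app"},
  {"roleDefinitionName": "Reader",
   "scope": "/providers/Microsoft.Management/managementGroups/mg-example"}
]
""")


def subscription_of(scope):
    """Return the subscription ID a scope belongs to, or None for scopes
    above subscription level (root "/" or a management group)."""
    parts = scope.lower().strip("/").split("/")
    if len(parts) >= 2 and parts[0] == "subscriptions":
        return parts[1]
    return None


def audit_assignments(assignments, allowed_subscription_ids):
    """Return (scope, role, reason) for each assignment that is not Reader
    on one of the subscriptions added through Quick-start."""
    allowed = {s.lower() for s in allowed_subscription_ids}
    findings = []
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "")
        if role != "Reader":
            findings.append((scope, role, "role is not Reader"))
        if subscription_of(scope) not in allowed:
            findings.append((scope, role, "scope outside added subscriptions"))
    return findings


if __name__ == "__main__":
    for scope, role, reason in audit_assignments(SAMPLE, [SUB]):
        print(f"REVIEW: {role} at {scope}: {reason}")
```

To check a real tenant, replace `SAMPLE` with the parsed output of the `az` command and pass every subscription ID you added with Quick-start.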