Update Azure environments

When Sophos suggests updates for your Sophos Cloud Optix resources in Azure, we strongly advise that you run the update process, which updates the resources to the latest configuration. This ensures Sophos Cloud Optix can continue to monitor your Microsoft Azure environment.

To update your Microsoft Azure environment, do as follows:

  1. Sign in to your Sophos Cloud Optix account.
  2. Click Add Environments.
  3. Under Add your cloud environment, select Azure.
  4. Under Full Setup, click Add an Azure subscription using a script in Azure PowerShell.
  5. Sign in to your Microsoft Azure portal.

    Note

    You must be a user with at least the Owner role in the subscription and Application Administrator rights in Microsoft Entra ID (formerly Azure AD).

  6. Locate and open Cloud Shell from the top-right corner of the portal interface.

  7. Select the PowerShell environment within Cloud Shell.

    Once PowerShell is activated, you can run the script as instructed.

  8. Return to Sophos Cloud Optix and follow the steps in Add an Azure subscription using a script in Azure PowerShell to start the environment update.

    Note

    You mustn't run the script using Windows PowerShell directly on your computer. You must use the Cloud Shell environment provided by Microsoft Azure.

  9. Download the script using the command provided in Sophos Cloud Optix.

  10. Click Custom settings to review and change the settings if necessary.

    If you change the settings, you must copy the command shown in Custom settings. Use that command when you run the script, not the command on the main screen.

  11. Close the window.

  12. Run the script in Microsoft Azure PowerShell, using either the command provided in Sophos Cloud Optix or the one you copied from Custom settings.

    Note

    The script updates the permission for the Microsoft Entra ID application. If permission is missing, the script asks whether to proceed with subscription onboarding and grant permissions at the subscription level.

    Press the N key to update Microsoft Entra ID app permissions only.

    The script lets you choose all subscriptions or only the subscriptions you want to update.

After the script has run, you must turn on user and group data sync with Microsoft Entra ID, using an admin account for the subscriptions you've added. To do this, go to the URL shown at the end of the script.

Note

You must be an Application Administrator in the Microsoft Entra ID account containing your added subscriptions. If you're not an Application Administrator, you need to request authentication from an authorized user to access the added subscriptions.

Always use Cloud Shell within the Azure portal to run the script to update your Azure environment.
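
The note in step 5 requires the Owner role on each subscription. The following pre-flight check is an added example, not part of the Sophos script or documentation. It assumes the Az PowerShell module that Cloud Shell preloads, and the function names `Test-OwnerScope` and `Get-OwnerReadiness` are hypothetical. It reports, for each subscription you can see, whether you hold Owner at a scope that covers the whole subscription; it does not check the Application Administrator role in Microsoft Entra ID.

```powershell
# Added example: pre-flight check for the Owner prerequisite.
# Run in Azure Cloud Shell (PowerShell) before running the Sophos script.
# Assumption: the Az module preloaded in Cloud Shell is available and you are signed in.

function Test-OwnerScope {
    # True when an assignment scope covers the whole subscription:
    # the root scope, a management group, or the subscription itself.
    # An Owner assignment on a resource group or single resource does not count.
    param([string] $Scope, [string] $SubscriptionId)
    $Scope -eq '/' -or
    $Scope -ieq "/subscriptions/$SubscriptionId" -or
    $Scope -ilike '/providers/Microsoft.Management/managementGroups/*'
}

function Get-OwnerReadiness {
    # Returns one object per subscription visible to the signed-in user.
    $original = Get-AzContext
    $me = Get-AzADUser -SignedIn
    foreach ($sub in Get-AzSubscription) {
        # Role assignments are listed in the context of the selected subscription.
        $null = Set-AzContext -SubscriptionId $sub.Id -TenantId $sub.TenantId
        # -ExpandPrincipalGroups includes Owner granted through group membership.
        $owner = Get-AzRoleAssignment -ObjectId $me.Id -RoleDefinitionName 'Owner' -ExpandPrincipalGroups |
            Where-Object { Test-OwnerScope -Scope $_.Scope -SubscriptionId $sub.Id }
        [pscustomobject]@{
            Subscription   = $sub.Name
            SubscriptionId = $sub.Id
            IsOwner        = [bool]$owner
            GrantedAt      = ($owner.Scope | Select-Object -Unique) -join ', '
        }
    }
    # Restore the context that was active before the check.
    $null = Set-AzContext -Context $original
}

Get-OwnerReadiness | Format-Table -AutoSize
```

Subscriptions that show `IsOwner` as `False` need an Owner assignment before you select them in the update script.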