Connecting Azure

To scan your Azure environment, you need to create a Service Principal in Azure Active Directory and provide its credentials to Amnify.


Prerequisites

Before you begin, make sure you have:

  • An Azure account with permission to create App Registrations in Azure AD
  • At least one Azure subscription you want to scan
  • The following values ready:
    • Tenant ID — your Azure AD tenant identifier
    • Application (Client) ID — from the App Registration
    • Client Secret — a secret created for the App Registration

Step 1: Create an App Registration

If you don't already have a Service Principal:

  1. Go to Azure Portal → Azure Active Directory → App registrations
  2. Click New registration
  3. Name it (e.g., "Amnify Security Scanner")
  4. Set the supported account type to Single tenant
  5. Click Register
  6. Note the Application (client) ID and Directory (tenant) ID

Step 2: Create a Client Secret

  1. In your App Registration, go to Certificates & secrets
  2. Click New client secret
  3. Set a description and expiration
  4. Click Add
  5. Copy the secret value immediately — it won't be shown again

Step 3: Assign Permissions

Grant the Service Principal Reader access to the subscriptions you want to scan:

  1. Go to the subscription in Azure Portal
  2. Navigate to Access control (IAM) → Add role assignment
  3. Select Reader role
  4. Assign it to your App Registration

Tip: For comprehensive scanning, the Reader role is sufficient. Amnify does not require write access to your Azure resources.
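
One way to confirm the outcome of Step 3 before adding the integration, as an added example that is not part of Amnify's documentation or product: the script below audits the Service Principal's role assignments so that it holds Reader, and nothing broader, on each subscription you intend to scan. It assumes input in the shape returned by `az role assignment list --all --assignee <app-id> -o json`; the subscription IDs, the sample data and the `audit` helper are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az role assignment list --all --assignee <app-id> -o json`.
SAMPLE = json.loads("""[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/22222222-2222-2222-2222-222222222222"},
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/33333333-3333-3333-3333-333333333333/resourceGroups/rg-app"}
]""")

# Subscriptions you intend to scan (constructed IDs, lowercase).
INTENDED = {
    "11111111-1111-1111-1111-111111111111",
    "22222222-2222-2222-2222-222222222222",
    "33333333-3333-3333-3333-333333333333",
}

def subscription_of(scope):
    """Return (subscription_id, is_subscription_level) for an ARM scope string."""
    parts = scope.strip("/").split("/")
    if len(parts) >= 2 and parts[0].lower() == "subscriptions":
        return parts[1].lower(), len(parts) == 2
    return None, False  # management group or root scope

def audit(assignments, intended):
    """List deviations from 'Reader, and only Reader, on each intended subscription'."""
    findings, covered = [], set()
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        sub, at_sub_level = subscription_of(scope)
        if role != "Reader":
            findings.append(f"EXCESS: {role} at {scope}")  # more than read access
        elif sub is None:
            findings.append(f"BROAD: Reader at {scope}")  # above subscription level
        elif sub not in intended:
            findings.append(f"UNINTENDED: Reader at {scope}")
        elif at_sub_level:
            covered.add(sub)
    for sub in sorted(intended - covered):
        findings.append(f"MISSING: no subscription-level Reader on {sub}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE, INTENDED):
        print(line)
```

An empty result means the assignments match Step 3 exactly; any EXCESS line is a role to remove before the secret is handed to a third-party scanner.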


Step 4: Add the Integration in Amnify

  1. Navigate to Integrations and click Create integration
  2. Select Azure as the provider
  3. Fill in:
    • Display Name (optional) — a friendly label for this connection
    • Tenant ID — your Azure AD tenant ID (GUID format)
    • Application ID — the App Registration client ID (GUID format)
    • Client Secret — the secret value you copied earlier
  4. Click Next
  5. Amnify discovers your subscriptions — toggle on the ones you want to scan
  6. Click Finish

What Happens Next

Once connected, you can:


Troubleshooting

| Issue | Cause | Solution |
|-------|-------|----------|
| No subscriptions discovered | Service Principal lacks Reader access | Assign Reader role on target subscriptions |
| Authentication failed | Incorrect credentials | Verify Tenant ID, App ID, and Client Secret |
| Expired secret | Client Secret has expired | Create a new secret in Azure AD and recreate the integration |