Setting up the Azure Integration to enable Asset Discovery & Auto Checks
Important:
You must have admin rights in your Azure environment to complete the setup.
Without sufficient permissions, you won’t be able to assign the necessary roles, enable APIs, or create service accounts.
Video: How to Enable Azure Integration in Kertos
This video walks you through the full Azure integration setup in Kertos — from registering an application to assigning the correct permissions.
Step 1: Getting Started
- Go to the Integrations page in Kertos
- Click on Setup in Azure Integration Card
- Toggle Enable Auto Checks to
ON
Now you are ready to grant the permissions in your Azure Environment following these Instructions below
Step 2: Create Application
1. Sign in to the Azure Portal at https://portal.azure.com with your Azure account.
* Make sure your account has the necessary permissions to register an application.
2. Navigate to the App registrations at https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade.
3. Click the New registration button at the top of the page.
4. Complete the registration form (Name: „Kertos“, leave defaults) and submit the form using the Register button at the bottom of the page.
5. Click the Copy button in the section titled Application (client) ID in the Essentials box at the top of the page.
6. Paste the Application (client) ID that you just copied into the textfield (back in Kertos).
7. Click the Copy button in the section titled Directory (tenant) ID in the Essentials box at the top of the page.
8. Paste the Directory (tenant) ID that you just copied into the textfield (back in Kertos).
9. From the side bar go to Manage > API Permissions click on Add a permission then select Microsoft Graph
10. Select Application permissions then search and select below permissions to add them to app:
- Domain.Read.All
- Policy.Read.All
- UserAuthenticationMethod.Read.All
Step 3: Create Client Secret
11. Click the Add a certificate or secret link in the Client credentials section at the top of the page.
12. Click the New client secret button in the Client secrets section at the middle of the page.
13. Complete the form (Description: „Kertos“, Expires: 24 months) and submit the form using the Add button at the bottom of the page.
14. Click the Copy button in the column titled Value of the newly created secret at the bottom of the page.
15. Paste the Secret Value that you just copied into the textfield (back in Kertos).
Step 4: Setup Permissions
16. Navigate to the subscriptions at https://portal.azure.com/#view/Microsoft_Azure_Billing/SubscriptionsBladeV2.
17. Select the active subscription that includes your assets.
18. Click the Copy button in the section titled Subscription ID in the Essentials box at the top of the page.
19. Insert the Subscription ID that you just copied into the textfield (back in Kertos).
20. Click the Access control (IAM) menu item in the left-hand sidebar.
21. Click the Add dropdown link at the top of the page and select Add role assignment.
22. Select the first row with the name Reader in the table and click on the Next button at the bottom of the page.
23. Click the Select members link in the section titled Members. Search for the app name (e. g. Kertos) in the right-hand sidebar, select it, and click the Select button at the bottom of the page.
24. Click the Review + Assign button at the bottom of the page and complete the form to finalize the setup.
Once this is complete, make sure to have the toggle "Enable Auto Checks" ON and run a sync in Kertos.
Step 5: Finalize Integration in Kertos
25. Return to the Kertos Integrations page.
26. Click Save.
27. Click again on the Integration Card to Start Sync to run your first discovery run & auto check.