Before onboarding Azure subscriptions, ensure you have an Azure Active Directory integration. The subscription integration reuses the same app registration created in Azure AD.
Prerequisites
-
Owner role at the subscription scope
Needed to grant the Plerion App registration permissions for CSPM, and to create the resource group, managed identity, and role assignments for CWPP. -
CWPP requirements
If you plan to enable CWPP, review the Azure CWPP prerequisites. These are not needed if you only want CSPM.
Steps to add a Microsoft Azure subscription integration
1
On the Plerion dashboard, go to Settings > Integrations
2
Find Microsoft Azure subscription and click the + button
3
Select an Azure Active Directory integration
Choose an existing Azure AD integration to reuse its app registration.
4
Grant the app registration subscription access
- Provide access to the App registration using either the Azure CLI or Azure Portal.
- If enabling CWPP, select the default region where Plerion will create a dedicated resource group.
5
Download and run the setup script
- Download the script and run it in your CLI or Azure Cloud Shell.
- This will list the available subscriptions.
- Use the associated number to select one, or press
yto install on all subscriptions.
6
Install CSPM roles
- Press
yto install CSPM roles on all subscriptions, or enter the subscription number to install on a specific subscription. - To skip optional CSPM roles, press
s. To install them, pressy.
7
Install CWPP roles (optional)
Press 
y to enable CWPP on all subscriptions, or enter a subscription number to enable it only on that subscription.8
Return to Plerion and verify access
- On the Plerion platform, click
Verify access. - Subscriptions with correct permissions will be displayed.
9
Add subscriptions to your tenant
- Select the subscriptions to onboard and click
Add subscriptions. - These subscriptions will now be available in Plerion for CSPM and CWPP.