Prepare Your Azure Account
Prepare your Azure account and subscription(s) before you connect and onboard them to Multicloud Defense Controller with the following steps:
- Acquire and register an Azure subscription. Ensure the subscription is associated with Microsoft Entra ID. Review the list of App Registrations in your Azure portal to confirm whether the subscription is correctly linked to Multicloud Defense.
- Create a custom role for your Azure subscription. This grants Multicloud Defense access to specific resources or actions that would otherwise be blocked.
- Subscribe to the Azure Event Grid. This allows Multicloud Defense to receive real-time updates. Event Grid can be configured to send events to subscribers (push), or subscribers can connect to Event Grid to read events (pull). See the "Create event subscriptions" chapter in the Azure User Guide for more information.
- Connect an Azure Subscription to the Multicloud Defense Controller from the Multicloud Defense Dashboard. Azure subscriptions encapsulate "technical" resources such as virtual machines. Complete this step to use any Azure-based VMs with Multicloud Defense gateways or any deployment action.
- Accept Marketplace Terms. If this is the first time your Azure account is being onboarded to Multicloud Defense, you must accept Cisco marketplace terms. Without this agreement you cannot complete the onboarding action.
- (Optional) User-assigned Managed Identity for Key Vault and Blob Storage access. Configured in the Azure environment, the key vault and blob storage access is intended to give you more flexibility to use the same identity across different resources, maintaining consistent permissions and identities across services.

If you find that you cannot use the automated script, see the alternative procedure to manually onboard your account here.

Note: If you have more than one subscription you want to configure with Multicloud Defense, use the procedure in Connect an Azure Subscription to the Multicloud Defense Controller from the Multicloud Defense Dashboard for one subscription and then modify the policy in your Azure portal to add the other subscriptions. You must onboard these subscriptions individually, but you can associate them with Multicloud Defense in bulk.