# Azure Virtual Machine Scanning Setup

{% hint style="info" %}
This functionality is available for **Pro** and **Advanced** plans only. [Contact us](https://www.aikido.dev/contact) for more information.
{% endhint %}

### Why should I scan my virtual machines? <a href="#why-should-i-scan-my-virtual-machines" id="why-should-i-scan-my-virtual-machines"></a>

With virtual machine scanning, Aikido can scan the hard drives of your virtual machines for vulnerable packages, outdated runtimes and risky licenses.

### Getting started <a href="#getting-started" id="getting-started"></a>

To enable the scanning of your virtual machines on Azure, you should first start by connecting your Azure Cloud to Aikido. To do this you can follow the steps outlined in [this article](/cloud-scanning/connect-your-cloud/azure/connect-azure-cloud-account-to-aikido.md).

Once your cloud is connected, you'll see a tab appear on the detail page called 'Virtual Machines'.

![Azure dashboard prompting to activate virtual machine scanning for security and compliance checks.](/files/FWWFtYwt39pohklVAtXi)

When you click on 'Set Up VM Scanning' we'll take you to the following page:

![Azure VM scanning setup instructions with Application ID entry field.](/files/EtRzFKK4qpR5r0M9u4H8)

The setup wizard will guide you through creating a new App Registration inside of the Azure Portal with an API secret specifically for Aikido.

The API secret will be used by Aikido to make the necessary API requests to scan your resources. Aikido will notify you via email when the secret is about to expire.

Only the bare minimum of permissions are granted to the App Registration. This ensures that Aikido can perform its security checks without the risk of unintended altering of your resources.

Once you click 'save', Aikido will immediately start to discover any virtual machines in your account and scan them.

### VM grouping

To optimize scanning efficiency, Aikido groups certain Azure VMs and scans only one instance from each group. Grouping works as follows:

* **Virtual Machine Scale Sets (VMSS)**: All VMs that belong to the same VMSS are shown as a single VM group in Aikido. The VM group's name matches the VMSS identifier.
* **No grouping**: VMs that aren't part of a VMSS are treated as standalone VMs and scanned individually.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.aikido.dev/virtual-machine-scanning/azure/azure-virtual-machine-scanning-setup.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.