# Azure VM Access Configuration

## Entra ID App Registration

Log into your [**Azure Portal**](https://portal.azure.com/) and navigate to the **Microsoft Entra ID service**.

Click on **Add** and select **App registration**.

![Azure portal: Add new user, group, enterprise app, or app registration in Default Directory.](/files/tYXu57S3O6LA6lV7AyTn)

Give the application a meaningful name; we need this name later.

Leave the **Supported account types** default: **Accounts in this organizational directory only**.

Click on **Register**.

![Azure portal screen for registering a new application named "AikidoSecurity" with account type selection.](/files/cOrohzIfPgBx2074rCvN)

You are redirected to the detail page of the newly created application. Here you can find and copy the **Application (client) ID** and the **Directory (tenant) ID**.

![Azure portal showing AikidoSecurity application's client ID and essential overview details.](/files/4fpKwbsaRodFUbOEMMX8)

In the **Client credentials** field, click "Add a certificate or secret".

![Azure portal displaying AikidoSecurity app overview and client credential configuration options.](/files/qcpe9bPtT57jVasgw9ES)

Click the "New client secret" button, give the secret a description, and set the expiration date to 2 years (730 days / 24 months).

![Creating a new client secret for application authentication in Azure AD.](/files/QOHwbhOYMHyGPnbKZ66C)

Copy the **Secret's Value**.

![Azure portal client secret management screen showing secret description, expiry date, and copy option.](/files/LTm3MK6opl5AyZKzyuxA)

You now have all the required values to add the Azure Cloud via the Public API once the application setup is complete in Azure Portal.

## Azure RBAC Role Assignment

Go to the subscription detail page. Here we grant the app registration the roles it needs.

Navigate to **Subscriptions** and find the relevant Subscription for your Virtual Machines.

Click on **"Access Control (IAM)"**.

![Azure IAM access control panel for managing roles and permissions in a subscription.](/files/QQTSKaUk9SqA9gyZgfeV)

Go to the **Role assignments** tab and click on **"Add"**, then **"Add role assignment"**.

![Azure portal interface for adding role assignments and managing classic administrators.](/files/ciR0N2eaEFFFoRw1NxxD)

In the **"Role"** tab, search for and select **"VM Scanner Operator"**, then click **"Next"**.

![Assigning "VM Scanner Operator" role for disk snapshot security analysis in Azure.](/files/Drgxm6X5w5JnkEHWmRYL)

Leave the **"Assign access to"** default value.

Click on **"Select Members"**, search for the name of the app registration (e.g. "AikidoSecurity") you created and select it.

Click **"Select"**.

Click **"Review + assign"** twice.

![Assigning a role to a member in Azure subscription using Access Control (IAM) settings.](/files/0sf3Dmp9hyjhRTQKhkt2)

Repeat the role assignment process for the role **"Disk Snapshot Contributor"**.

The App Registration now has the required roles to scan your virtual machines.
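
To confirm the result of the steps above, the following added example (not part of Aikido's documentation or tooling) checks a role-assignment listing and a client-secret listing for the app registration. It assumes JSON in the shape produced by `az role assignment list --assignee <client-id> --all` and `az ad app credential list --id <client-id>`; the sample data, subscription ID and function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Roles this page assigns to the app registration at subscription scope.
REQUIRED_ROLES = {"VM Scanner Operator", "Disk Snapshot Contributor"}

def audit_assignments(assignments, subscription_id):
    """Return (missing required roles, unexpected (role, scope) pairs)."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    granted, unexpected = set(), []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        if role in REQUIRED_ROLES and scope.lower().rstrip("/") == sub_scope:
            granted.add(role)
        else:
            # Any other role, or a required role at a different scope, is
            # outside what this page sets up and deserves a look.
            unexpected.append((role, scope))
    return sorted(REQUIRED_ROLES - granted), unexpected

def days_until_expiry(credentials, now):
    """Whole days until the earliest client secret in the list expires."""
    ends = [
        datetime.strptime(c["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        for c in credentials
    ]
    return (min(ends) - now).days

# Constructed sample data (not real tenant output).
SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_ASSIGNMENTS = json.loads("""[
  {"roleDefinitionName": "VM Scanner Operator",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}
]""")
SAMPLE_CREDENTIALS = json.loads(
    '[{"displayName": "scanner-secret", "endDateTime": "2027-03-01T00:00:00Z"}]')
SAMPLE_NOW = datetime(2025, 3, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    missing, unexpected = audit_assignments(SAMPLE_ASSIGNMENTS, SUBSCRIPTION_ID)
    print("missing roles:", missing)
    print("unexpected assignments:", unexpected)
    print("days until secret expiry:", days_until_expiry(SAMPLE_CREDENTIALS, SAMPLE_NOW))
```

In the constructed sample the second role assignment was skipped and a broader role was granted instead, so the check reports one missing role and one unexpected assignment.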

