Skip to main content

Illumio Segmentation for the Cloud User Guide

  • Illumio Segmentation for the Cloud User Guide
  • Get Started
  • Onboarding Azure

Onboarding Azure

Illumio provides three options to onboard Azure.

  • Easy Onboarding (Recommended): Follow the guided wizard to onboard your Azure account, set up flow log access, and establish the necessary read/write permissions.

  • Advanced Onboarding: Follow this path to manually onboard your subscription and tenants, set up flow log access, and grant access.

  • Using Terraform: Follow this path to onboard Azure using Terraform. Then, set up flow log access and grant access.

Important

If you select Advanced Onboarding or Terraform, you must manually set up flow log access and grant access for the onboarding to be successful.

Azure Easy Onboarding

The Azure Easy Onboarding wizard provides a step-by-step guide to onboard Azure tenants or subscriptions.

  1. Review the prerequisites. Prerequisites for Onboarding Azure

  2. If you are logging in for the first time, click + Azure on the Onboarding page to onboard your first account.

  3. If you've already onboarded other accounts, choose Onboarding from the left navigation. Click +Add Azure at the top of the page.

  4. Confirm you have administrator privileges in Azure or invite someone who has administrator privileges and click Continue.

  5. Select Easy Onboarding (New) and click Continue.

  6. Paste in your Tenant ID from the Azure portal and click Continue.

    • Select New Tenant if the tenant has not been onboarded to Illumio.

    • Select Existing Tenant if the tenant has already been onboarded to Illumio.

  7. Sign in to the Azure portal, consent to the permissions in Azure, and click Accept.

  8. Return to Illumio and select the integration scope as either Tenant or Subscription and click Continue.

    Caution

    Selecting Tenant onboards all of the subscriptions within that tenant.

  9. Select Enable VNET Flow Logs.

  10. Select permissions and click Continue.

    • Read Only permissions provides the necessary permissions to build your AI security graph for visibility across your subscription or tenant.

    • Read and Write permissions provides the necessary permissions for visibility and the use of one-click quarantine remediation capabilities across your subscription or tenant.

  11. Review and confirm your configuration and click Complete.

    After you onboard, your onboarded Azure tenant or subscriptions will appear in the Onboarding page.

Illumio configures flow logs for VNETs without existing logs.

Azure Advanced Onboarding

Follow the advanced onboarding path if you cannot onboard an Azure tenant or subscription due to permissions limitations, such as being unable to run the onboarding PowerShell script.

  1. Review the prerequisites and permissions before you onboard Azure.

  2. Onboard subscriptions and tenants.

  3. Set up flow logs and grant access.

    1. See Set up Flow Logs.

    2. See the Grant Flow Log Access section in Onboard an Azure Cloud Tenant - Guided Setup.

    Important

    You must complete steps 3a and 3b for the onboarding to be successful.

After you onboard Azure tenants, you can visualize your resources, define your public cloud environments, and create policies. See After onboarding your accounts.

Using Terraform to Onboard Azure

To use the Illumio Terraform module to automate and simplify Azure tenant onboarding, follow this Terraform setup.

  1. Review the prerequisites and permissions.

  2. Create a Terraform application.

  3. Use the Terraform application to onboard tenants.

  4. Set up flow logs and grant access.

    1. See Set up Flow Logs.

    2. See Grant flow log access to your CSPs.

    Important

    You must complete steps 4a and 4b for the onboarding to be successful.

After you onboard Azure tenants using the Terraform Application setup, you can visualize your resources, define your public cloud environments, and create policies.

See After onboarding your accounts.