Azure AI/ML Cloud Onboarding¶
In this section we can find the steps to onboard an Azure cloud account to the AccuKnox SaaS platform
AI/ML Prerequisites for Azure Cloud Accounts
Please review the AI/ML Prerequisites for Azure before proceeding with the onboarding process.
Rapid Onboarding (via Azure)¶
For Azure Onboarding it is required to register an App and giving Security read access to that App from the Azure portal.
Step 1: Go to your Azure Portal and search for App registrations and open it
Step 2: Here click on New registration
Step 3: Give your application a name, remember this name as it will be used again later, For the rest keep the default settings
Step 4: Now your application is created, save Application ID and Directory ID as they will be needed to for onboarding on AccuKnox Saas and then click on ‘Add a certificate or secret’
Step 5: Click on new client secret and enter the name and expiration date to get secret id and secret value, save this secret value as this will also be needed for onboarding.
Step 6: Next, go to API permissions tab and click on 'Add permission'
Step 7: On the screen that appears, click on 'Microsoft Graph'
Step 8: Next, select Application Permissions and then search for Directory.Read.All and click on Add permissions
Step 9: Select ‘Grant Admin Consent’ for Default Directory and click on ‘Yes’
Step 10: Now we need to give Security read permissions to this registered Application , to do that go to subscriptions
Step 11: First save the subscription ID and click on the subscription name , here it is “Microsoft Azure Sponsorship“
Step 12: Navigate to Access control(IAM) and go to Roles , here select Add > Add Custom Role
Create a custom role with the following actions:
Microsoft.MachineLearningServices/workspaces/onlineEndpoints/score/action
Microsoft.MachineLearningServices/serverlessEndpoints/listKeys/action
Microsoft.Storage/storageAccounts/listKeys/action
Microsoft.MachineLearningServices/workspaces/batchEndpoints/score/action
It will look similar to this (use the above listed permissions):
Step 13: Next, we need to apply the Reader role.
- Go to the Azure Portal → Subscriptions (or Resource Groups) → select your target scope.
- Open Access control (IAM) → click Add > Add role assignment.
- In the Role tab, select Reader, then click Next.
- Under Members, choose the user, service principal, or group → Review + assign to apply the Reader role.
From AccuKnox SaaS UI¶
Configuring your Azure cloud account is complete, now we need to onboard the cloud account onto AccuKnox Saas Platform.
Step 1: Go to settings→ Cloud Account and click on Add Account
Step 2: Select Microsoft Azure as Cloud Account Type
Step 3: Select or create label and Tags that will be associated with this Cloud Account
Step 4: Enter the details that we saved earlier during the steps for app registration and subscription id from subscriptions in azure portal and click on connect. Ensure to check the box "AI/ML Assets" to enable AI/ML asset discovery and monitoring.
Step 5: After successfully connecting your cloud account will show up in the list
