# Azure Integration The Microsoft Azure integration allows Sprinto to read resources and monitor security configurations across your Azure subscription. Once connected, Sprinto continuously evaluates your Azure environment against applicable compliance requirements and surfaces findings on the platform. Sprinto requires read-level access to your Azure subscription in order to: * Monitor cloud resources and configurations * Evaluate security posture * Map evidence to relevant controls * Track compliance status in real time You can integrate Azure using either: 1. **Azure PowerShell (recommended)** – Automated setup using generated scripts 2. **Manual configuration** – Create and configure the Azure application yourself *** ### Available integration methods When you click **Connect** next to Azure under **Cloud Providers**, you can choose one of the following: * **Use Azure PowerShell (Recommended)** * **Create application manually** Both methods create a dedicated Azure app (`sprinto-auditor-app`) with the required read permissions. *** ## Method 1: Integrate using Azure PowerShell (Recommended) This method automatically creates the required Azure application and assigns the necessary permissions. #### Step 1: Start the integration in Sprinto 1. Log in to the Sprinto dashboard. 2. Navigate to **Settings** → **Integrations**. 3. In the All tab, search for Microsoft Azure. 4. Under **Cloud Providers**, click **Connect** next to **Microsoft Azure**.

5. Review the permissions required and click **Next**. 6. Select **Use Azure PowerShell**. 7. Enter your **Azure Subscription Name**.\ (You can find it in Azure under **Account → Subscriptions**.) 8. Click **Continue**.

*** #### Step 2: Run the PowerShell script 1. Under **Step A**, click **Copy PowerShell Code**.

2. Open **Azure Cloud Shell** or your local Azure PowerShell terminal. 3. Paste and execute the copied script. This script: * Creates an application named `sprinto-auditor-app` * Assigns the required Microsoft Graph permissions * Configures the appropriate role access

*** #### Step 3: Grant admin consent 1. In Azure, go to **App Registrations**. 2. Search for and select **sprinto-auditor-app**. 3. Navigate to **API Permissions**. 4. Click **Grant admin consent for Default Directory**.

Admin consent is required for Sprinto to read directory data. *** #### Step 4: Add Role Assignment in Azure Console 1. Go to Subscription in the Azure console. 2. Click on **Access control (IAM)**. 3. Click **Add role assignment**.

4. Select Reader Role and click **Next**. 5. Click on **Select members**. 6. Search for `sprinto-auditor-app` and select it. 7. Click **Review + Assign**.

8. Refresh the role assignment list to see the assignment for `sprinto-auditor-app` . *** #### Step 5: Generate and copy JSON output 1. In Sprinto, move to **Step C**. 2. Copy the provided PowerShell code. 3. Run it in PowerShell to generate a JSON output. 4. Copy the JSON result. 5. Paste the JSON into the **Step 2** box in Sprinto. 6. Click **Connect**.

The Azure integration will now be configured. *** ## Method 2: Integrate Azure manually Use this method if you prefer to configure Azure access manually. ### Step 1: Create a new App Registration 1. Log in to the Azure Portal. 2. Go to **App registrations**. 3. Click **New registration**.

4. Enter the name: `sprinto-auditor-app`. 5. Leave **Supported account types** as default. 6. Click **Register**.

Save the following values: * **Application (Client) ID** * **Directory (Tenant) ID** You will need these in Sprinto. *** ### Step 2: Create a Client Secret 1. Open the newly created app. 2. Go to **Certificates & secrets**. 3. Click **New client secret**. 4. Enter a description (for example: Sprinto Secret). 5. Set expiry to **24 months**. 6. Click **Add**.

7. Copy and securely save the **Secret Value**. {% hint style="info" %} #### Note It is recommended by Sprinto to set the expiry to 24 months. This is to avoid updating your client secret often. {% endhint %} *** ### Step 3: Configure API permissions 1. Go to **API permissions**. 2. Click **Add a permission**. 3. Select **Microsoft Graph**.

4. Choose **Application permissions**. 5. Under the Directory section, select: * `Directory.Read.All` 6. Click **Add permissions**.

7. Click **Grant admin consent for Default Directory**.

*** ### Step 4: Assign Reader role to the app 1. Navigate to **Subscriptions**. 2. Select your subscription. 3. Click **Access Control (IAM)**. 4. Click **Add role assignment**.

5. Select **Reader** role. 6. Click **Next**. 7. Click **Select members**. 8. Search for `sprinto-auditor-app`.

5. Click **Select**. 6. Click **Review + assign**.

*** ### Step 5: Complete setup in Sprinto 1. Return to Sprinto. 2. Click **Connect** next to Azure. 3. Select **Create application manually**. 4. Click **Continue**.

5. Enter the following details: * **Tenant ID** * **Application ID** * **Application Client Secret** * **Subscription ID**

6. Click **Connect**. 7. Check the confirmation box:\ \&#xNAN;*I have registered a new app and gave appropriate permissions.* 8. Click **Connect with Azure**. *** ### Post-integration behaviour After successful setup: * Sprinto begins syncing Azure data. * Initial sync may take up to **24 hours**. * Compliance findings and resource posture will appear in the dashboard automatically. *** ### Troubleshooting #### Admin consent button is disabled Ensure you are logged in as an Azure Global Administrator or Application Administrator. #### Permission errors during sync Confirm that: * `Directory.Read.All` is granted * Admin consent has been approved * Reader role is assigned at the subscription level #### JSON validation fails (PowerShell method) Re-run the Step C script and ensure: * The correct subscription is selected * The full JSON output is copied without modification #### Sync not reflecting data Wait up to 24 hours for the first sync cycle. If issues persist, contact Sprinto Support. *** Once the above steps are completed the integration will be up and running and in the next 24 hours Sprinto will be able to sync data and start reporting the same on the platform, please feel free to reach out to Sprinto Support at in case you face any challenges.