Selective Cloud Account Onboarding
To perform selective cloud account onboarding for Azure:
1. Log in to Sysdig Secure as an Admin.
2. Navigate to Integrations > Connective Environments > Azure.
3. Follow the steps to Configure Installation Permissions and Enter your Subscription Details.
4. At the step Subscriptions to Onboard, review the Account Selection Options.


Account Selection Options
By default, when you onboard an Azure account, all Management Groups are onboarded. You can configure Azure onboarding using the following methods:
All
This is the default option, which selects all subscriptions within the connected Azure tenant or Management Group.
- All existing and newly created active subscriptions will be onboarded.
- Use this option if your organization wants full coverage across its Azure environment.
Include Management Groups
This option lets you explicitly include one or more Management Groups during onboarding.
Management Groups to Include
- All subscriptions under these Management Groups will be considered for onboarding.
- You can list one or more Management Groups to include during onboarding. If you are using Terraform, set them using include_management_groups.
Exclude Subscriptions (optional)
- These subscriptions will not be onboarded, even though their parent Management Group is included.
- You can exclude certain subscriptions within included Management Groups. If you are using Terraform, set them using exclude_subscriptions.
Include Extra Subscriptions (optional)
- These subscriptions will be onboarded even though their parent Management Groups are not included.
- You can include specific subscriptions from Management Groups that are not listed in include_management_groups by explicitly adding them to include_subscriptions.
Exclude Management Groups
This option lets you exclude one or more Management Groups from onboarding.
Management Groups to Exclude
- All subscriptions under these Management Groups will be skipped unless explicitly included.
- You can exclude one or more Management Groups from the onboarding process. If you are using Terraform, set them using exclude_management_groups.
Include Subscriptions (optional)
- These subscriptions will be onboarded even if their parent Management Groups are excluded.
- You can include specific subscriptions from excluded Management Groups by adding their subscription IDs, ensuring they are still onboarded. If you are using Terraform, set them using include_subscriptions.
Exclude Extra Subscriptions (optional)
- These subscriptions will not be onboarded even though their parent Management Groups are included.
- You can exclude specific subscriptions within included Management Groups by explicitly listing them.
For both include and exclude inputs (for Management Groups and Subscriptions), always use the Azure resource IDs (for example, /providers/Microsoft.Management/managementGroups/abc-group or /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) and not display names.
Terraform Configuration
You can also perform selective cloud account onboarding via Terraform, using the following variables:
Terraform Variable | Purpose |
---|---|
include_management_groups | Only subscriptions under these Management Groups are considered for onboarding. |
exclude_management_groups | Any Management Groups listed here will be skipped. |
include_subscriptions | Explicitly include these subscription IDs, even if they fall outside Management Groups. |
exclude_subscriptions | Exclude these subscriptions, even if they're under included Management Groups. |
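
The following is an added example, not Sysdig's code: a pre-flight check that validates the four Terraform inputs as resource IDs and computes which subscriptions the include/exclude rules described above leave onboarded or skipped, so coverage gaps are visible before you apply. The function names, the tenant map and the sample IDs are constructed; it assumes that an explicit subscription exclude wins over an include and that "under" a Management Group means any ancestor.

```python
import re

# Resource ID shapes the page requires (resource IDs, never display names).
MG_ID = re.compile(r"^/providers/Microsoft\.Management/managementGroups/[^/\s]+$")
SUB_ID = re.compile(r"^/subscriptions/[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def invalid_ids(cfg):
    """Return (variable, value) pairs that are not Azure resource IDs."""
    bad = []
    for key, pattern in (("include_management_groups", MG_ID),
                         ("exclude_management_groups", MG_ID),
                         ("include_subscriptions", SUB_ID),
                         ("exclude_subscriptions", SUB_ID)):
        bad += [(key, v) for v in cfg.get(key, []) if not pattern.match(v)]
    return bad

def resolve_scope(cfg, tenant):
    """Split the tenant's subscriptions into (onboarded, skipped).
    tenant maps subscription ID -> set of ancestor Management Group IDs.
    Assumptions: IDs compare exactly; a subscription exclude beats an include.
    """
    inc_mg = set(cfg.get("include_management_groups", []))
    exc_mg = set(cfg.get("exclude_management_groups", []))
    inc_sub = set(cfg.get("include_subscriptions", []))
    exc_sub = set(cfg.get("exclude_subscriptions", []))
    onboarded, skipped = [], []
    for sub, ancestors in sorted(tenant.items()):
        if sub in exc_sub:
            keep = False
        elif sub in inc_sub:
            keep = True
        elif ancestors & exc_mg:
            keep = False
        else:  # no include list at all is the default "All" option
            keep = not inc_mg or bool(ancestors & inc_mg)
        (onboarded if keep else skipped).append(sub)
    return onboarded, skipped

# Constructed sample tenant and configuration (placeholder IDs).
PROD = "/providers/Microsoft.Management/managementGroups/prod"
DEV = "/providers/Microsoft.Management/managementGroups/dev"
S = "/subscriptions/00000000-0000-0000-0000-00000000000{}".format
TENANT = {S(1): {PROD}, S(2): {PROD}, S(3): {DEV}, S(4): {DEV}}
CONFIG = {"include_management_groups": [PROD],
          "exclude_subscriptions": [S(2)], "include_subscriptions": [S(3)]}

if __name__ == "__main__":
    print("invalid IDs:", invalid_ids(CONFIG))
    print("onboarded, skipped:", resolve_scope(CONFIG, TENANT))
```

Review the skipped list against your intended coverage: every subscription in it will not be onboarded.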