Microsoft Azure
Connect your Azure subscription so AgentSOAR can contain threats on Virtual Machines — blocking attacker IPs with NSG deny rules, isolating VMs with a deny-all NSG rule, and powering VMs on and off. AgentSOAR authenticates as a Microsoft Entra app registration with an RBAC role assignment on your subscription.
What this enables
This credential powers three AgentSOAR response capabilities against your Azure subscription:
| Capability | What it does | How |
|---|---|---|
| `block_ip` | Blocks an attacker IP at the network edge | Network Security Group (NSG) deny rule |
| `isolate` | Cuts a Virtual Machine off from the network | Deny-all NSG rule |
| `power` | Powers a Virtual Machine on or off | Start / deallocate VM |
Prerequisites
- An Azure subscription with the Virtual Machines and networking resources you want AgentSOAR to manage.
- An account that can create app registrations and assign RBAC roles on the subscription.
- Access to AgentSOAR → Settings → Credentials (`/agentsoar/settings/credentials`).
How the connection works
AgentSOAR authenticates to Azure as a Microsoft Entra app registration using a client secret, and acts on resources via an RBAC role assignment on your subscription. Four values go into the credential form:
| Value | What it is |
|---|---|
| Subscription ID | The subscription containing the VMs and networking resources |
| Tenant ID | Your Microsoft Entra (Azure AD) directory ID |
| Client ID | The app registration's Application (client) ID |
| Client Secret | A secret generated for that app registration |
By the end of this guide you will have all four and a validated credential in AgentSOAR.
Step 1 — Create an app registration
- Open the Microsoft Entra admin center → Identity → Applications → App registrations.
- Click New registration, give it a name (for example, `agentsoc-soar`), and register it (no redirect URI is needed).
Step 2 — Copy the Client ID and Tenant ID
On the app registration's Overview page, copy:
- Application (client) ID → the Client ID field in AgentSOAR.
- Directory (tenant) ID → the Tenant ID field in AgentSOAR.
Step 3 — Create a client secret
- Go to Certificates & secrets → Client secrets → New client secret.
- Give it a description and an expiry, then Add.
- Copy the secret Value immediately.
Copy the Value, not the Secret ID. The value is shown only once — if you lose it, create a new secret. Track the expiry date and rotate the secret before it lapses.
Step 4 — Get the Subscription ID
In the Azure portal, open Subscriptions and copy the Subscription ID of the subscription that holds the VMs you want AgentSOAR to manage.
Step 5 — Assign an RBAC role to the app
The app registration has no resource access until you grant it a role.
- Open the subscription → Access control (IAM) → Add → Add role assignment.
- Assign both built-in roles, selecting your app registration as the member each time:
  - Virtual Machine Contributor — read, start, stop, and deallocate VMs.
  - Network Contributor — create and delete the NSG rules used to block and isolate.

For least privilege, replace these with a custom role scoped to the `Microsoft.Compute/virtualMachines/*` and `Microsoft.Network/networkSecurityGroups/*` actions, assigned only on the resource groups you operate in.
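One way to set up the custom role described above with the Azure CLI. This is an added example, not AgentSOAR's or Microsoft's own code; the role name, the output file name, and every subscription ID, client ID and resource group you pass in are placeholders. It assumes `az` is logged in with rights to create role definitions and assignments.

```bash
#!/bin/sh
# Added example (not AgentSOAR or Microsoft code). Builds a custom role limited
# to the two action namespaces named above and assigns it per resource group.
# ROLE_NAME and every ID / resource group passed in are placeholders you choose.
ROLE_NAME="AgentSOAR VM Containment (example)"

# Print the role definition JSON for `az role definition create`.
# usage: build_role_json <subscription-id> <resource-group>...
build_role_json() {
  local sub="$1" scopes="" rg
  shift
  for rg in "$@"; do
    # One AssignableScopes entry per resource group, never the whole subscription.
    scopes="${scopes}${scopes:+, }\"/subscriptions/${sub}/resourceGroups/${rg}\""
  done
  cat <<EOF
{
  "Name": "${ROLE_NAME}",
  "IsCustom": true,
  "Description": "VM power control and NSG rule management for AgentSOAR",
  "Actions": [
    "Microsoft.Compute/virtualMachines/*",
    "Microsoft.Network/networkSecurityGroups/*"
  ],
  "NotActions": [],
  "AssignableScopes": [ ${scopes} ]
}
EOF
}

# Create the role, then assign it to the app registration on each resource group.
# usage: apply_role <subscription-id> <client-id> <resource-group>...
apply_role() {
  local sub="$1" client_id="$2" rg
  shift 2
  build_role_json "$sub" "$@" > agentsoar-role.json
  az role definition create --role-definition @agentsoar-role.json
  for rg in "$@"; do
    az role assignment create --assignee "$client_id" --role "$ROLE_NAME" \
      --scope "/subscriptions/${sub}/resourceGroups/${rg}"
  done
}

# Only touches Azure when called with arguments; otherwise it just defines the functions.
if [ "$#" -ge 3 ]; then
  apply_role "$@"
fi
```

If the two built-in roles were already assigned at subscription scope, remove those assignments afterwards so the narrower role is the only grant.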
Step 6 — Add the credential in AgentSOAR and validate
- In AgentSOAR, open Settings → Credentials (`/agentsoar/settings/credentials`).
- Add a Microsoft Azure credential and enter the Subscription ID, Tenant ID, Client ID, and Client Secret gathered above.
- Save. AgentSOAR validates by acquiring a token and listing VMs.
- Once it shows Healthy, the Azure action capabilities are ready to use.
Troubleshooting
| Error | Likely cause and fix |
|---|---|
| `AADSTS7000215` — invalid client secret | The Client Secret is wrong, expired, or you copied the Secret ID instead of the Value. Create a new secret (Step 3). |
| `AADSTS700016` — application not found | The Client ID or Tenant ID is wrong. Re-copy both from the app registration Overview (Step 2). |
| `AuthorizationFailed` when running an action | The app has no role on the subscription, or the role is missing an action. Re-check Step 5. |
| `SubscriptionNotFound` | The Subscription ID is wrong, or the app's role is assigned on a different subscription. |
Reference: Microsoft — Register an app and create a client secret