Azure Setup

Azure support is in early access

Azure discovery is available with a limited set of services. Full parity with AWS and GCP coverage is on the roadmap. See Azure Services for currently supported services.

LightPane connects to your Azure subscription using a Service Principal with the built-in Reader role. This grants read-only access to resource configuration and metadata.

What gets created

  • A Service Principal (app registration) in your Azure Active Directory
  • A Reader role assignment scoped to the target subscription
  • A client secret for authentication (stored encrypted by LightPane)

Setup

  1. Log in to app.lightpane.cloud
  2. Go to Cloud Accounts and click Link Azure Subscription
  3. Follow the instructions to create a Service Principal

Manual setup with Azure CLI

# Create the Service Principal with Reader role
az ad sp create-for-rbac \
  --name "LightPane Reader" \
  --role "Reader" \
  --scopes "/subscriptions/YOUR_SUBSCRIPTION_ID"

This outputs:

{
    "appId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "displayName": "LightPane Reader",
    "password": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "tenant": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

Enter these values in your LightPane account:

Field            Azure output
Client ID        appId
Client Secret    password
Tenant ID        tenant
Subscription ID  The subscription you specified in --scopes

The Reader role

The Azure built-in Reader role grants read-only access to all resources in the subscription. It cannot create, modify, or delete any resource.
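
To check that the Service Principal holds Reader at the target subscription and nothing else, the following added example (not part of the original page and not LightPane's own tooling) audits its role assignments. It reads tab-separated role and scope pairs, as produced by the az command in the comment; the function names and the placeholder subscription ID are assumptions.

```shell
#!/bin/sh
# Added example: least-privilege check for the LightPane Service Principal.
# Input on stdin: one "<role name><TAB><scope>" line per assignment, e.g.
#   az role assignment list --assignee "$APP_ID" --all \
#     --query "[].[roleDefinitionName, scope]" -o tsv | check_reader_only "$SUB_ID"
# Returns 0 only if at least one assignment exists and every assignment is
# Reader at exactly /subscriptions/<subscription id>.

check_reader_only() {
  expected=$(printf '/subscriptions/%s' "$1" | tr '[:upper:]' '[:lower:]')
  tab=$(printf '\t')
  count=0
  status=0
  # Split on tabs only: role names such as "Storage Blob Data Reader" contain spaces.
  while IFS="$tab" read -r role scope || [ -n "$role" ]; do
    if [ -z "$role" ]; then continue; fi
    count=$((count + 1))
    actual=$(printf '%s' "$scope" | tr '[:upper:]' '[:lower:]')
    if [ "$role" != "Reader" ]; then
      echo "unexpected role: $role at $scope" >&2
      status=1
    elif [ "$actual" != "$expected" ]; then
      echo "unexpected scope: Reader at $scope" >&2
      status=1
    fi
  done
  if [ "$count" -eq 0 ]; then
    echo "no role assignments found" >&2
    status=1
  fi
  return "$status"
}

# Constructed sample: the single assignment created by the setup command,
# with a placeholder subscription ID.
sample_ok() {
  printf 'Reader\t/subscriptions/00000000-0000-0000-0000-000000000000\n'
}

# Constructed sample: the same principal later granted a write-capable role
# on a resource group (hypothetical name example-rg).
sample_drift() {
  sample_ok
  printf 'Contributor\t/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg\n'
}
```

A non-zero exit status means the Service Principal has more, less, or different access than the setup on this page creates; the reason is written to stderr.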

Supported regions

LightPane discovers resources in any Azure region. Specify the region in your service requests.

Revoking access

Delete the Service Principal in Azure Active Directory or remove the role assignment from the subscription. LightPane immediately loses access.

Current limitations

Azure support is under active development. Current limitations include:

  • Fewer services supported compared to AWS and GCP
  • Service account key authentication only (no workload identity federation equivalent yet)
  • Limited attribute coverage on some services

See Azure Services for the current service list.