Setting up an Azure Integration
Last updated
Was this helpful?
Last updated
Was this helpful?
The Azure integration uses DefaultAzureCredential
for authentication, which supports multiple authentication methods. This guide focuses on setting up authentication using Azure CLI and Service Principal, which is recommended for production use.
You will need to create a service principal for the plugin to use:
Install the if you haven't already
Open your terminal and run:
Create a service principal with a Reader access:
The command will output credentials in the following format:
Save these credentials - you'll need them in the next step.
There are two main approaches to sync data from multiple Azure subscriptions:
Management Group Level Access
The most dynamic approach is to scope the service principal at the Management Group level. This allows automatic discovery of all subscriptions under the specified Management Group(s), including any new subscriptions added later.
To create a service principal with Management Group access:
Specific Subscriptions Access
If you prefer to limit access to specific subscriptions, you can list them explicitly in the scope. This command grants access to all currently accessible subscriptions:
When using the specific subscriptions approach, the service principal won't automatically get access to newly added subscriptions. You'll need to run the command again to include new subscriptions.
In CloudQuery Platform, go to Data Pipelines → Integrations. Click Create Integration and type Azure to find the Azure integration.
Copy-paste the saved credentials into their respective fields:
Optionally, configure the subscriptions to sync or skip and choose the Azure cloud to sync from.
Click Continue to proceed with service data selection
Click Test Connection and save to verify the configuration and save this integration.
Select services to sync from. Selecting a service will create and sync all tables related to the Azure service. For the list of individual tables, see .
With your Azure integration created, you can now proceed to use it in a . This will give you the opportunity to specify when your Azure sync should be run, and to which destination databases.