Skip to main content
Go to Red Canary Documentation
Red Canary Support

Why Is an Azure Subscription Missing in Red Canary?

  • Updated .

Issue

One or more Azure subscriptions are not listed on the integration details page more than 24 hours after being created.

Environment

Microsoft Azure Integration

Resolution

When integrating Azure with Red Canary, the first series of steps involves deploying Red Canary's bicep file and issuing remediation tasks using CloudShell commands.  If you issued those commands using a Management Group ID rather than your Tenant ID, any subscriptions outside of the integrated Management Group's hierarchy will not be visible to Red Canary.

If subscriptions are missing because the integration was onboarded at the wrong scope, your Global Administrator must perform Step 1: Set up the Azure infrastructure (see the integration guide) using your Tenant ID.  This action will redeploy the bicep file at the root tenant level and enforce Red Canary's Lighthouse delegation on the missing subscriptions.

If you have integrated at the root management group level, the subscriptions are missing because they are non-compliant with the RC Azure Log Ingest policy in your tenant.  In that case, follow the guidance below.

  1. From your Azure Portal, navigate to the Policy service and click the Compliance tab
  2. Under filters, set Scope to the Tenant Root Group (or Management Group if you've integrated Red Canary at a lower hierarchy)
  3. Search for the RC Azure Log Ingest assignment
  4. Click View Assignment and check for any Scopes, Overrides, or Exemptions that may be excluding the missing subscription from the policy assignment
  5. Click View Compliance to return to the previous screen
  6. If the missing subscription is showing a Compliance State of Non-compliant, create a new Remediation Task
How to Create a New Remediation Task

A user with permission to take the microsoft.policyinsights/remediations/write action at the root tenant or management group scope can follow the steps below.

  1. From your Azure portal, navigate to the Policy service
  2. Navigate to the Compliance tab and search for RC Azure Log Ingest
  3. Click into the policy and select Create Remediation Task
  4. Set Scope to root management group
  5. Target desired subscriptions
  6. Click the Remediate button

Cause

Any subscriptions that are non-compliant with the RC Azure Log Ingest policy assignment will not be visible in Red Canary Portal.  This policy enforces the Red Canary - Azure Log Ingest Service Provider Offer in your Azure Lighthouse service to grant permissions to Red Canary.  For a detailed description of our Azure integration, see How Microsoft Azure Works with Red Canary.

By default, Azure integrations are limited to 2,000 subscriptions (including Visual Studio Subscriptions).  If your tenant exceeds this, reach out to Red Canary Support.