

Microsoft Azure integration
Microsoft Azure hosts a large share of the public-facing assets that attackers actually probe — App Service endpoints, public IPs, Blob Storage containers, and Azure DNS records. FortWatch scans those assets from the outside, the way an attacker sees them, and the Azure integration (currently in development) will feed every finding back into the Microsoft security tooling your team already runs — Microsoft Defender for Cloud and Microsoft Sentinel — so external exposures show up next to your internal posture instead of in a separate silo.


Exposed Redis on 203.0.113.10:6379
Unauthenticated database reachable from the internet.
View finding & step-by-step fix →

Microsoft Azure + FortWatch
FortWatch connects to your Azure tenant through an Azure AD (Entra ID) app registration with a service principal, granting a scoped, read-only role (typically Reader plus Security Reader). That lets FortWatch enumerate public-facing resources via the Azure Resource Manager REST API — public IP addresses, App Service and Front Door hostnames, Blob Storage accounts, and Azure DNS zones — so your scan scope stays in sync as you spin assets up and down. When a scan finds an exposure, FortWatch pushes it into Azure two ways: as a security finding in Microsoft Defender for Cloud (via the Security sub-assessment API, mapped to a Defender severity), and as a structured event into a Log Analytics workspace using the Azure Monitor Logs Ingestion API, where Microsoft Sentinel analytics rules and workbooks can correlate it with the rest of your telemetry. Data flows outbound from FortWatch into Azure; FortWatch never needs write access to your workloads.
FortWatch scans
Eleven scanners watch your external attack surface around the clock — ports, certs, DNS, cloud buckets, exposed files and more.
AI triages the finding
Each issue is scored by real-world impact and packaged with the affected asset and a one-line explanation of the risk.
Delivered to Microsoft Azure
The finding lands in Microsoft Azure, routed by severity — so the right people see the right alert, fast.
What you'll be able to do
Everything the Microsoft Azure integration will bring to your security workflow.
Outside-in asset sync
FortWatch reads your Azure Resource Manager inventory to keep external scan scope aligned with live public IPs, App Service hostnames, and Front Door endpoints — no manual asset list to maintain.
Public Blob Storage detection
Surface anonymously listable storage containers and push them into Defender for Cloud as critical findings before data leaves your tenant.
Sentinel correlation
Stream external findings into a Log Analytics workspace so Sentinel analytics rules fire when an exposed port or expiring cert lines up with suspicious sign-in or network activity.
Unified severity view
External exposures land in Defender for Cloud with mapped severities, so your security score reflects internet-facing risk, not just in-cluster misconfigurations.
Azure DNS hygiene
Catch dangling CNAMEs pointing at deprovisioned Azure resources (subdomain-takeover risk) and SPF/DKIM/DMARC gaps on domains hosted in Azure DNS.
Certificate and endpoint monitoring
Alert on expiring or weak TLS on App Service, Application Gateway, and Front Door endpoints before they break or get downgraded.
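The dangling-CNAME check under "Azure DNS hygiene" comes down to cross-referencing DNS records against live inventory. The sketch below is an added example, not FortWatch code: it follows in-zone CNAME chains and flags names that end at an Azure-hosted suffix with no matching live resource. The zone data, hostnames, and the partial suffix list are constructed assumptions.

```python
# Azure-hosted endpoint suffixes to check (a partial list, chosen for this example).
AZURE_SUFFIXES = (".azurewebsites.net", ".azurefd.net", ".trafficmanager.net",
                  ".cloudapp.azure.com", ".blob.core.windows.net")

# Constructed zone data: record name -> CNAME target.
ZONE_CNAMES = {
    "www.contoso.example": "contoso-web.azurewebsites.net.",
    "shop.contoso.example": "store.contoso.example",
    "store.contoso.example": "contoso-shop-old.azurewebsites.net",
    "cdn.contoso.example": "contoso-cdn.azurefd.net",
    "mail.contoso.example": "mailhost.provider.example",
    "loop-a.contoso.example": "loop-b.contoso.example",
    "loop-b.contoso.example": "loop-a.contoso.example",
}
# Constructed inventory: default hostnames of resources that currently exist.
LIVE_HOSTNAMES = {"contoso-web.azurewebsites.net", "Contoso-CDN.azurefd.net"}

def norm(host):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return host.rstrip(".").lower()

def resolve_chain(name, cnames):
    """Follow CNAMEs defined in the zone; return (final_target, looped)."""
    seen, current = set(), norm(name)
    while current in cnames:
        if current in seen:
            return current, True
        seen.add(current)
        current = cnames[current]
    return current, False

def find_dangling(zone_cnames, live_hostnames):
    """Map record name -> ("dangling" | "loop", final target)."""
    cnames = {norm(k): norm(v) for k, v in zone_cnames.items()}
    live = {norm(h) for h in live_hostnames}
    results = {}
    for name in sorted(cnames):
        target, looped = resolve_chain(name, cnames)
        if looped:
            results[name] = ("loop", target)
        elif target.endswith(AZURE_SUFFIXES) and target not in live:
            results[name] = ("dangling", target)
    return results
```

A "dangling" result only means the target is absent from the inventory that was synced; a resource in a subscription outside the sync scope would look the same, so confirm before deleting the record.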
What an alert looks like
Every finding arrives formatted for Microsoft Azure — severity up front, the affected asset, and a one-line explanation of why it matters, with a link straight to the step-by-step fix.
- Severity-tagged and color-coded
- The exact asset and port affected
- One click to the full finding & remediation
FortWatch → Microsoft Defender for Cloud (security sub-assessment)

Severity: High
Finding: Anonymously listable Blob Storage container
Resource: /subscriptions/.../storageAccounts/contosomedia (Blob: backups)
Detail: Public container "backups" returns an EnumerationResults listing — files are readable without authentication.
Detected: 2026-06-07 14:22 UTC
Remediation: Set container access level to Private and disable anonymous blob access on the storage account.
Evidence + step-by-step fix: https://app.fortwatch.ai/findings/...
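The finding above has a configuration-side counterpart you can audit yourself. This added example (not FortWatch code) reads storage inventory and separates containers that are anonymously listable from those that only allow blob reads by URL, using the ARM properties allowBlobPublicAccess and publicAccess. The inventory is constructed, containers are nested under accounts for brevity, and treating an unset account flag as permissive is a worst-case assumption.

```python
import json

# Constructed inventory (names and values made up). Containers are nested
# under their account here for brevity; ARM returns them as child resources.
INVENTORY = json.loads("""
[
  {"name": "contosomedia", "properties": {"allowBlobPublicAccess": true},
   "containers": [
     {"name": "backups", "properties": {"publicAccess": "Container"}},
     {"name": "thumbs",  "properties": {"publicAccess": "Blob"}},
     {"name": "private", "properties": {"publicAccess": "None"}}]},
  {"name": "contosologs", "properties": {"allowBlobPublicAccess": false},
   "containers": [
     {"name": "raw", "properties": {"publicAccess": "Container"}}]},
  {"name": "legacyacct", "properties": {},
   "containers": [
     {"name": "export", "properties": {"publicAccess": "Container"}}]}
]
""")

FIX = ("Set container access level to Private and disable anonymous "
       "blob access on the storage account.")

def classify(account, container):
    """Return 'private', 'blob-read' (read by URL) or 'listable'."""
    allow = account["properties"].get("allowBlobPublicAccess")
    level = container["properties"].get("publicAccess") or "None"
    if allow is False or level == "None":
        # The account-level switch overrides any container-level setting.
        return "private"
    # Assumption: an unset account flag is audited as permissive (worst case).
    return "listable" if level == "Container" else "blob-read"

def audit(inventory):
    """List every container that allows some form of anonymous access."""
    findings = []
    for account in inventory:
        flag_unset = "allowBlobPublicAccess" not in account["properties"]
        for container in account.get("containers", []):
            exposure = classify(account, container)
            if exposure != "private":
                findings.append({
                    "resource": f"{account['name']}/{container['name']}",
                    "exposure": exposure,
                    "account_flag_unset": flag_unset,
                    "remediation": FIX,
                })
    return findings
```

Entries with account_flag_unset set to True are the ones to verify by hand, since the effective setting depends on how Azure interprets the missing property for that account.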
Set it up in minutes, once it lands
No agents, no infrastructure changes — just connect Microsoft Azure and choose where alerts go.
When it launches: in FortWatch, open Settings → Integrations and start the Microsoft Azure connection.
Register a FortWatch app in Azure AD (Entra ID) and grant its service principal a scoped, read-only role — Reader plus Security Reader at the subscription or management-group level.
Paste the tenant ID, client ID, and client secret into FortWatch and select which subscriptions to sync.
Choose where findings are delivered: Microsoft Defender for Cloud, a Log Analytics workspace for Sentinel, or both — and map FortWatch severities to Defender severities.
Run a test sync to confirm assets import and a sample finding lands in Defender / Sentinel, then enable continuous scanning.

Why route FortWatch into Microsoft Azure?
Defender for Cloud and Sentinel are excellent at telling you what is misconfigured inside your tenant, but they see less of how your assets actually look from the open internet. Feeding FortWatch's outside-in findings into the same tools closes that gap, so an exposed Blob container or a dangling Azure DNS record is triaged in the same queue and security score as everything else. That means one place to prioritize, fewer blind spots between external and internal posture, and faster fixes.
Frequently asked questions
Is the Microsoft Azure integration available now?
Not yet — it is in active development. Add your email below and we will notify you the moment it ships. In the meantime you can scan any Azure-hosted asset in FortWatch today by adding its domain or IP directly.
What Azure permissions will FortWatch need?
Read-only ones. You register an Azure AD (Entra ID) app and grant its service principal a scoped Reader plus Security Reader role. FortWatch reads your public asset inventory and writes findings into Defender for Cloud or a Log Analytics workspace — it never needs write access to your workloads.
Does the integration scan from inside my Azure tenant?
No. FortWatch always scans from the outside, the way an attacker would. The Azure connection is for syncing which public assets to scan and for delivering the resulting findings back into Defender for Cloud and Microsoft Sentinel.
Want the Microsoft Azure integration when it ships?
We'll email you the moment it goes live — no spam, just the launch.





