# Microsoft Azure

P0's Azure integration is **Generally Available** and provides comprehensive access management for your Azure resources.

## Overview

This guide walks you through installing and configuring P0's Azure integrations:

* IAM Management for Just‑in‑Time (JIT) access
* SSH access for Azure Virtual Machines via Bastion

## Installation summary

Complete the following steps **in order**. Each step depends on the one before it.

{% hint style="info" %}
Steps 3 and 4 are only required if you need SSH access for Azure Virtual Machines. If you only need IAM management for JIT access, complete steps 1 and 2.
{% endhint %}

| Step | Page                                                                                                                                            | Purpose                                            | Depends on                 |
| ---- | ----------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | -------------------------- |
| 1    | [Azure app registration](https://docs.p0.dev/integrations/resource-integrations/microsoft-azure/azure-app-registration)                         | Create the service identity P0 uses in your tenant | —                          |
| 2    | [IAM management](https://docs.p0.dev/integrations/resource-integrations/microsoft-azure/iam-management)                                         | Enable Just‑in‑Time access to Azure resources      | App registration           |
| 3    | [Configure bastion host integration](https://docs.p0.dev/integrations/resource-integrations/microsoft-azure/configure-bastion-host-integration) | Set up the Bastion host for secure SSH tunneling   | IAM management             |
| 4    | [Install SSH access](https://docs.p0.dev/integrations/resource-integrations/microsoft-azure/install-ssh-access)                                 | Connect P0 to your Azure VMs for SSH access        | Bastion host configuration |

{% hint style="warning" %}
These steps have strict dependencies. You cannot configure a Bastion host without first completing the app registration and IAM management, and you cannot install SSH access without first configuring a Bastion host.
{% endhint %}

## Before you begin

* Choose one Entra ID directory on which you want to install P0
* Choose at least one subscription on which to install P0.
* Make sure you have the ability to create new app registrations as well as new roles and role assignments. You can do this if you have the [Owner](https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles/privileged#owner) role attached to your user.

## Get started

Navigate to "Integrations" on [p0.app](https://p0.app), then select "Azure". You will be prompted to enter the ID of the [Entra Tenant](https://techcommunity.microsoft.com/blog/startupsatmicrosoftblog/demystifying-microsoft-entra-id-tenants-and-azure-subscriptions/4155261) you want to install P0 on.

<figure><img src="https://3783273641-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FSQNwGQz62W737pY0FzVb%2Fuploads%2Fgit-blob-f38e03aa1f1b329a4b34eba6700729ca54be6f27%2FScreenshot%202025-07-03%20at%203.23.31%20PM.png?alt=media" alt="P0 Security Azure Directory Field" width="563"><figcaption></figcaption></figure>

Then proceed to [Step 1 — Azure app registration](https://docs.p0.dev/integrations/resource-integrations/microsoft-azure/azure-app-registration).

### IAM assessment (coming soon)

Support for IAM assessment is planned and will appear in the Azure integration when available.