Account Integration Procedures Guide to integrating cloud accounts with the platform. AWS Account Integration Link AWS Account  Navigating to the Account Integration Page Log in to the Platform Access the platform and sign in using your credentials. Open the Account Selector Locate the Select account dropdown at the top-right corner of the dashboard. Click on it to open the list of available cloud accounts. Add Cloud Account From the dropdown menu, click on Add Cloud Account . This will redirect you to the  Select Your Preferred Cloud Service or Platform page. Click on the AWS (Amazon Web Services) card . Note: Initially, only AWS Management Account can be linked in this section. No Management Account Initially If you do not have any management account linked initially to the Xops 360 Portal, follow the steps below to add a new AWS account. After clicking on the  AWS (Amazon Web Services) card on the Select Your Preferred Cloud Service or Platform page, a new window will appear prompting you to select the AWS Account Type . Select AWS Account Type On the  Select AWS Account Type screen, you will see two options: Management Account Linked Account Click on Management Account to proceed with linking your AWS Management Account to the Xops 360 platform. Link a New AWS Account After selecting Management Account, you will be redirected to the Link a New AWS Account page. Initiating Account Integration Access Setup Instructions Click the Information ("i") button to view step-by-step setup guidance. Retrieve AWS Role ARN Follow the setup guide to create a required Cloud Formation stack in the AWS Management Console. Once the stack is created, navigate to the Outputs tab in the stack details page. Copy the AWS Role ARN from the output. Configure AWS Integration Return to the Link a New AWS Account page in the platform. Provide a suitable name in the AWS Account Name field. Paste the copied AWS Role ARN into the designated field. Click Connect to finalize the integration.                    Adding a Linked AWS Account If you already have a management account linked to the Xops 360 Portal and want to add a linked (child) AWS account , follow these steps: Log in to the Platform Sign in and open the platform dashboard. Open the Account Selector Locate the Select account dropdown at the top-right corner of the dashboard. Click on it to open the list of available cloud accounts. Add Cloud Account From the dropdown menu, click on Add Cloud Account . This will redirect you to the  Select Your Preferred Cloud Service or Platform page. Click on the AWS (Amazon Web Services) card .  After clicking on the  AWS (Amazon Web Services) card on the Select Your Preferred Cloud Service or Platform page, a new window will appear prompting you to select the AWS Account Type .          Select AWS Account Type On the Select AWS Account Type screen, the Linked Account option will be displayed. Click on Linked Account to proceed with linking your AWS Linked Account to the Xops 360 platform. Link a New AWS Account After selecting Linked Account , you will be redirected to the Link a New AWS Account page. Initiating Account Integration Access Setup Instructions Click the Information ("i") button to view step-by-step setup guidance. Retrieve AWS Role ARN Follow the setup guide to create a required Cloud Formation stack in the AWS Management Console. Once the stack is created, navigate to the Outputs tab in the stack details page. Copy the AWS Role ARN from the output. Configure AWS Integration Return to the Link a New AWS Account page in the platform. Provide a suitable name in the AWS Account Name field. Paste the copied AWS Role ARN into the designated field. Click Connect to finalize the integration.  Note: For any challenges, please contact our support team at support@axiomio.com First-Time Login Experience When you log in for the first time, you will be prompted to select your preferred cloud service or platform (AWS, EKS Azure, or Microsoft). This selection is required to establish the initial account connection. Once your account is successfully connected to AWS, Azure, or Microsoft, this selection screen will not appear in subsequent logins. Instead, you will be directed automatically to the Home page . To manage or modify integrations, navigate to the "Integrations" section from the left panel in the dashboard. AWS Account Management Access AWS Integration Settings Log in to the Platform Sign in and open the platform dashboard. Navigate to AWS Integration First, select the respective account from the top-right corner of the platform. Choose the specific account for which you want to manage or update the AWS integration settings in the XOps portal. Open the profile menu located in the bottom-left corner of the platform interface. Click on your profile/email section to open the profile options. Select Accounts from the menu. You will be redirected to the Integrations page , where the AWS Accounts integration settings are available.   Updating the Account Name Edit the AWS Account Name Locate the Edit option next to the existing AWS account name. Click the Edit button to enable modifications. Save the New Name Enter the new AWS account name in the provided field. Click Proceed to confirm the changes. A success message will appear, indicating the account name update. Deleting Linked Account  Delete the AWS Account Locate the Delete  option next to the existing AWS account name. Click the Delete . Enter the Account Name Enter the AWS account name in the provided field. Click Delete Account  to confirm the changes. A success message will appear, indicating Account has been deleted. Note: There is currently no provision to delete AWS Management accounts from the Xops portal. To delete the account, submit a support request via the following link: Submit Support Request Request Submission Guidelines: Subject: Clearly state that the request is for AWS Management account deletion. Description: Provide a detailed explanation of your request, including relevant account details and the reason for deletion. Once submitted, our support team will review your request and assist you accordingly. Azure Account Integration Link Azure Account  Navigating to the Integrations Page Log in to the Platform Access the platform and sign in using your credentials. Open the Integrations Section Locate the side navigation panel on the left. Click on the Integrations tab. Select Azure Integration On the Integrations page, you will see available options for AWS, Azure, and Microsoft accounts . Click on the Azure card to open the “Link a New Azure Account” page. Note:  Follow  Initiating Azure Integration s teps to Connect Azure Account in Xops 360, ensure that the following permissions are assigned  Initiating Azure Integration Registering an Application in Azure Navigate to the Azure Portal . In the search bar, enter App Registrations and select it from the results. Click on New Registration . Register the application: Provide a name for the application. Under Supported account types , select Accounts in this organizational directory only if not set by default. Click Register to complete the process. Assigning Entra ID Permissions In the Azure Portal , search for Entra ID and select it. Navigate to Properties , then locate the setting Access management for Azure resources and toggle it to Yes . Go to Overview , and in the left navigation pane, click Roles and Administrators . Search for Global Reader and select it. Under Assignments , search for the application registered in the previous step, select it, and click Add to grant the Global Reader role to the application. Assigning Management Group Permissions In the  Azure Portal , search for Management Groups and select it. Navigate to Tenant Group and select the relevant Subscription . In the left navigation pane, go to Access Control (IAM) and click Add , then select Add Role Assignment . Under Roles , search for Reader , select it, and click Next . Under Members , click Select members , search for the application name created earlier, and select it. Click Select , then Review + Assign to complete the role assignment. Assigning Key Vault Reader Permissions (If Applicable) Follow the same steps as assigning Global Reader permissions to grant Key Vault Reader permissions. If Key Vaults are configured with Access Policies (instead of RBAC ), explicit permissions must be assigned to the application: Grant List/Get Keys and List Secrets permissions for each Key Vault. Assigning Cost Management Reader Permissions (If Applicable) Follow the same steps as assigning Global Reader permissions to grant Cost Management Reader permissions. Grant Cost Management Reader permissions to the application at the required scope (Management Group, Subscription, or Resource Group) to allow read-only access to cost and usage information. Assigning Billing Reader Permissions (If Applicable) Follow the same steps as assigning Global Reader permissions to grant Billing Reader permissions. Grant Billing Reader permissions to the application at the required billing scope to allow read-only access to billing information, invoices, and payment details. Adding a Certificate for Authentication Navigate to the previously created Application Registration . Copy the Application (Client) ID and Directory (Tenant) ID . Access the  Xops 360 Portal and navigate to Integrations , Select Azure icon then click on  Add Account . Enter a friendly name for the account. Provide the App ID and Tenant ID copied earlier. Click Generate Public Key & Download the generated key. Return to the Azure Portal , open the application, and go to Manage > Certificates & Secrets . Click Upload Certificate , select the certificate file downloaded earlier, and click Add to complete the upload process. Note: For any challenges, please contact our support team at support@axiomio.com First-Time Login Experience When you log in for the first time, you will be prompted to select your preferred cloud service or platform (AWS, Azure, or Microsoft). This selection is required to establish the initial account connection. Once your account is successfully connected to AWS, Azure, or Microsoft, this selection screen will not appear in subsequent logins. Instead, you will be directed automatically to the Home page . To manage or modify integrations, navigate to the "Integrations" section from the left panel in the dashboard. Managing Azure Subscriptions Access the Subscription Management Page Log in to the platform with your credentials. Navigate to the  Integrations section, Select Azure icon. Select the connected  Azure account to access the Subscription Management page. Connecting Azure Subscriptions Edit the Connected Azure Account Locate the Azure account under  Integrations . Click  Edit to open the subscription management interface. View and Select Subscriptions List of Subscriptions : Displays all available Azure subscriptions. Selected Subscriptions : Highlights currently connected subscriptions. Select Desired Subscriptions Review the list of available subscriptions. Check the boxes next to the subscriptions you want to connect. Apply Changes Click  Update to save and apply changes. Newly added subscriptions will be available in the platform. Disconnecting Azure Subscriptions Edit the Connected Azure Account Go to the  Integrations section and locate the Azure account. Click  Edit to manage the account’s subscriptions. Deselect Subscriptions Under  Selected Subscriptions , uncheck the subscriptions you want to disconnect. Apply Changes Click Update to finalize changes. The deselected subscriptions will no longer be associated with your account. Microsoft 365 Account Integration Navigating to the Integrations Page Log in to the Platform Access the platform and sign in using your credentials. Open the Integrations Section Locate the side navigation panel on the left. Click on the Integrations tab. Select Microsoft Integration On the Integrations page, you will see available options for AWS, Azure, and Microsoft accounts . Click on the Microsoft card then click on M365 to open the “Link a New Microsoft Account” page. Note:  Follow Initiating M365 Integration s teps to Connect Microsoft 365 Account in Xops 360, ensure that the following permissions are assigned  Initiating M365 Integration Registering an Application and configuration in Microsoft Entra Admin center Navigate to the  Microsoft Entra Admin Center Portal . In the search bar, enter App Registrations and select it from the results. Click on New Registration . Register the application: Provide a name for the application. Under Supported account types , select Accounts in this organizational directory only if not set by default. Click Register to complete the process. Navigate to Manage and click on API Permissions . Click on Add a permission . Select APIs my organization uses and search for Office 365 Exchange Online , then click on it. Choose Application permissions , search for Exchange.ManageAsApp , select it, and click Add permissions . Click on Grant admin consent and confirm by selecting Yes in the confirmation popup. Assigning Entra ID Permissions In the Azure Portal , search for Entra ID and select it. Go to Overview , and in the left navigation pane, click Roles and Administrators . Search for Global Reader and select it. Under Assignments , search for the application registered in the previous step, select it, and click Add to grant the Global Reader role to the application. Adding a Certificate for Authentication Navigate to the previously created Application Registration . Copy the Application (Client) ID and Directory (Tenant) ID . Go to Domain names, copy the Organization ID Access the Xops 360 Portal and navigate to Integrations , Select Microsoft  icon then click on  Add Account for Microsoft . Enter a friendly name for the account. Provide the App ID, Tenant ID copied earlier. Provide the Organization ID copied earlier. Click Generate Public Key & Download the generated key. Return to the Microsoft Entra Admin center Portal , open the application, and go to Manage > Certificates & Secrets . Click Upload Certificate , select the certificate file downloaded earlier, and click Add to complete the upload process. Note: The M365 scan requires all users/accounts to have the O365_BUSINESS_PREMIUM license; missing licenses may cause scan failure. Note: For any challenges, please contact our support team at support@axiomio.com First-Time Login Experience When you log in for the first time, you will be prompted to select your preferred cloud service or platform (AWS, Azure, or Microsoft). This selection is required to establish the initial account connection. Once your account is successfully connected to AWS, Azure, or Microsoft, this selection screen will not appear in subsequent logins. Instead, you will be directed automatically to the Home page . To manage or modify integrations, navigate to the "Integrations" section from the left panel in the dashboard. Microsoft Entra ID Account Integration Navigating to the Integrations Page Log in to the Platform Access the platform and sign in using your credentials. Open the Integrations Section Locate the side navigation panel on the left. Click on the Integrations tab. Select Microsoft Integration On the Integrations page, you will see available options for AWS, Azure, and Microsoft accounts . Click on the Microsoft card then click on M365 to open the “Link a New Microsoft Account” page. Initiating Entra ID Integration Registering an Application and configuration in Microsoft Entra Admin center Navigate to the  Microsoft Entra Admin Center Portal . In the search bar, enter App Registrations and select it from the results. Click on New Registration . Register the application: Provide a name for the application. Under Supported account types , select Accounts in this organizational directory only if not set by default. Click Register to complete the process. Navigate to Manage and click on API Permissions . Click on Add a permission . Select Microsoft APIs and click on  Microsoft Graph . Choose Application permissions , search for AccessReview.Read.All , select it, and click Add permissions . Click on Grant admin consent and confirm by selecting Yes in the confirmation popup. Assigning Entra ID Permissions In the Azure Portal , search for Entra ID and select it. Go to Overview , and in the left navigation pane, click Roles and Administrators . Search for Global Reader and select it. Under Assignments , search for the application registered in the previous step, select it, and click Add to grant the Global Reader role to the application. Adding a Certificate for Authentication Navigate to the previously created Application Registration . Copy the Application (Client) ID and Directory (Tenant) ID . Go to Domain names, copy the Organization ID Access the Xops 360 Portal and navigate to Integrations , Select Microsoft  icon then click on  Add Account for Microsoft . Enter a friendly name for the account. Provide the App ID, Tenant ID copied earlier. Click Generate Public Key & Download the generated key. Return to the Microsoft Entra Admin center Portal , open the application, and go to Manage > Certificates & Secrets . Click Upload Certificate , select the certificate file downloaded earlier, and click Add to complete the upload process. Note: For any challenges, please contact our support team at support@axiomio.com First-Time Login Experience When you log in for the first time, you will be prompted to select your preferred cloud service or platform (AWS, Azure, or Microsoft). This selection is required to establish the initial account connection. Once your account is successfully connected to AWS, Azure, or Microsoft, this selection screen will not appear in subsequent logins. Instead, you will be directed automatically to the Home page . To manage or modify integrations, navigate to the "Integrations" section from the left panel in the dashboard. EKS Integration Link EKS Account  Navigating to the Integrations Page Log in to the Platform Access the platform and sign in using your credentials. Open the Integrations Section Locate the side navigation panel on the left. Click on the  Integrations  tab. Select EKS Integration On the Integrations page, you will see available options for  AWS, Azure, Microsoft accounts and EKS . Click on the EKS  card  to open the “Link a New AWS Account” page.                                                                   Initiating Account Integration Access Setup Instructions Click the  Information ("i") button  to view step-by-step setup guidance. Retrieve AWS Role ARN Follow the setup guide to create a required  Cloud Formation stack  in the AWS  Management  Console. Once the stack is created, navigate to the  Outputs tab  in the stack details page. Copy the  AWS Role ARN  from the output. Configure AWS Integration Return to the platform’s  AWS Integration  page. Provide a suitable name in the  AWS Account Name  field. Paste the copied  AWS Role ARN  into the designated field. Click  Connect to finalize the integration.                         Note: For any challenges, please contact our support team at   support@axiomio.com First-Time Login Experience When you log in for the first time, you will be prompted to select your preferred  cloud service or platform  (AWS, EKS Azure, or Microsoft). This selection is required to establish the initial account connection. Once your account is successfully connected to AWS, Azure, or Microsoft, this selection screen  will not appear  in subsequent logins. Instead, you will be directed  automatically to the Home page . To manage or modify integrations, navigate to the  "Integrations" section from the left panel in the dashboard.