Azure Integration

Connect Azure to ComplyJet for continuous cloud monitoring, automated evidence collection, and audit-ready compliance across SOC 2, ISO 27001, HIPAA, and more.

ComplyJet's Azure integration gives you always-on visibility across your entire Microsoft cloud stack — virtual machines, storage, relational databases, Cosmos DB, containers, serverless, and identity. The moment you connect your Azure subscription, ComplyJet begins pulling configuration and runtime state directly from Azure APIs, mapping every signal to 20+ security and privacy frameworks including SOC 2, ISO 27001, HIPAA, and GDPR — and surfacing drift the instant it appears.

Whether you run a handful of VMs and a managed SQL database or a full microservices architecture spanning AKS, Azure Functions, and multiple storage accounts, ComplyJet turns your entire Azure footprint into a single, always-current source of audit-ready evidence — built for the speed and budgets of SaaS startups.

100% automation coverage

20+ frameworks covered

24/7 continuous monitoring

Compliance automation

How ComplyJet automates SOC 2 / ISO 27001 for Azure

Proving your Azure environment is secure used to mean navigating resource configuration screens, manually checking NSG rules, verifying backup retention across every database, and compiling screenshots before each audit. Most teams spend weeks on this — and the evidence is already stale by the time it lands in the auditor's inbox.

1. Connect once: Register a read-only App Registration in Azure Active Directory — ComplyJet guides you through assigning the Reader role at subscription scope. No user accounts, no elevated permissions, takes under 10 minutes.

2. Monitor continuously: ComplyJet polls your Azure subscriptions around the clock, tracking configuration state across compute, storage, databases, identity, and networking across every region you use.

3. Collect evidence automatically: Every passing and failing check is timestamped and stored as audit evidence — no screenshots, no spreadsheets, no last-minute scramble before the auditor arrives.

4. Get alerted on drift: The moment a misconfiguration appears — a storage account opens to public, MFA lapses, a backup is disabled — ComplyJet flags it in real time so your team can remediate before it becomes an audit finding.

The result: your SOC 2 and ISO 27001 evidence is always current, your auditor gets a clean documented trail, and your engineers never have to stop shipping to prepare for a review.

Azure resources

What resources does ComplyJet sync from Azure?

ComplyJet pulls and monitors the following Azure services in real time.

Azure Virtual Machines

Network Security Group attachments, SSH inbound rule configuration, and CPU utilization alarm coverage for every VM in scope.

Azure Virtual Machine Scale Sets

Scale set configuration and network settings tracked for inventory and compliance context.

Azure Storage

Storage accounts, encryption settings, blob container versioning status, public access configuration, and activity monitoring alarm coverage.

Azure SQL Database

Encryption (TDE) settings, backup retention configuration, and alarm coverage for CPU, free memory, free storage space, and read I/O.

Azure Database for MySQL

Encryption at rest settings, backup configuration, and alarm coverage for CPU, free storage space, and read I/O.

Azure Database for PostgreSQL

Encryption at rest settings, backup configuration, and alarm coverage for CPU, free storage space, and read I/O.

Azure Cosmos DB

Backup policy settings, encryption configuration, and request volume alarm coverage.

Azure Functions

Function app configuration and deployment settings tracked for inventory.

Azure Container Apps

Container app configuration and networking settings tracked for inventory.

Azure Container Registry

Registry settings and access control configuration tracked for inventory.

Azure Kubernetes Service (AKS)

Cluster configuration and networking settings tracked for inventory.

Microsoft Entra ID

Users, groups, MFA status per account, and account-to-employee mapping for access reviews.

Azure Network Security Groups

Inbound security rules, SSH access restrictions, and NSG attachments across all monitored resources.

Azure Subscription

Diagnostic settings and activity log archival configuration at the subscription level.

Continuous checks

What automated tests does ComplyJet run on Azure?

ComplyJet covers every critical security dimension of your Azure environment — identity, compute, storage, databases, networking, and audit logging — continuously, with every result stored as audit evidence.

Identity & Access
Entra ID users, MFA, account lifecycle

Admin accounts protected with multi-factor authentication: Verifies MFA is enforced on all Azure user accounts with console access.

Cloud access revoked on employee departure: Verifies no active Azure accounts are mapped to former employees.

Shared account use detected and flagged: Ensures every Azure account is linked to exactly one individual.

Virtual Machines
NSG attachment, SSH access, CPU monitoring

Network security group attached to every virtual machine: Confirms at least one NSG is applied to each VM in scope.

Remote shell access blocked from public internet: Verifies that SSH is not reachable from public IP ranges on any virtual machine.

Virtual machine CPU utilization monitored and alarmed: Confirms an alert rule is active for CPU utilization on each VM.

Storage
Encryption, versioning, public access, monitoring

Storage accounts encrypted at rest: Verifies encryption is enabled on every storage account in scope.

Blob container version history preserved: Checks that versioning is enabled so blobs can be recovered after deletion or overwrite.

Public blob access blocked on all storage accounts: Confirms public container access is disabled at the storage account level.

Storage account activity monitored and alarmed: Verifies an alert rule is configured for storage account activity metrics.

Relational Databases — SQL, MySQL, PostgreSQL
Encryption, backups, performance monitoring across all managed database types

All relational database types encrypted at rest: Checks encryption settings across SQL (TDE), MySQL, and PostgreSQL instances.

Automated backups enabled across all managed databases: Verifies backup configuration is active on every SQL, MySQL, and PostgreSQL instance.

CPU utilization monitored and alarmed: Confirms alert rules are active for CPU on SQL, MySQL, and PostgreSQL instances.

Free storage space and read I/O monitored and alarmed: Checks alert rules for free storage space and read I/O across all relational database types.

SQL database free memory monitored and alarmed: Verifies a free memory alert rule is configured specifically for SQL database instances.

Cosmos DB
Encryption, backups, request monitoring

Cosmos DB encrypted at rest: Confirms encryption is enabled on every Cosmos DB account.

Cosmos DB automated backups enabled: Verifies backup policy is configured on every Cosmos DB account.

Cosmos DB request volume monitored and alarmed: Checks an alert rule is active for request metrics on each Cosmos DB account.

Networking & Audit
NSG-level SSH controls, subscription activity log archival

SSH access blocked at the network security group level: Verifies NSG rules do not permit inbound SSH from public IP ranges across monitored resources.

Subscription activity logs archived to durable storage: Confirms diagnostic settings route subscription activity logs to a storage account for retention.
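
The inbound-SSH check listed under Virtual Machines and Networking & Audit comes down to walking an NSG's rules in priority order, because the first matching rule decides. The Python below is an added example, not ComplyJet's code: it assumes rules in the JSON shape Azure Resource Manager returns for security rules, ignores destination address filters, and runs on constructed sample NSGs.

```python
import ipaddress

# Sources Azure treats as "anywhere": wildcard, Internet service tag, full IPv4 range.
ANY_SOURCES = {"*", "internet", "0.0.0.0/0"}

def _values(props, single, plural):
    """Collect a rule field that Azure stores as either one value or a list."""
    return list(props.get(plural) or []) + ([props[single]] if props.get(single) else [])

def _covers_port(spec, port):
    """True if a port spec such as '*', '22' or '20-1024' includes the port."""
    low, _, high = spec.partition("-")
    return spec == "*" or int(low) <= port <= int(high or low)

def _is_public(source):
    """True for wildcard sources and for CIDRs outside private/reserved space."""
    if source.lower() in ANY_SOURCES:
        return True
    try:
        return not ipaddress.ip_network(source, strict=False).is_private
    except ValueError:
        return False  # other service tags (VirtualNetwork, AzureLoadBalancer, ...)

def ssh_exposed(rules, port=22):
    """Return the name of the first rule exposing the port to public sources, else None."""
    for rule in sorted(rules, key=lambda r: r["properties"]["priority"]):
        p = rule["properties"]
        if p["direction"] != "Inbound" or p["protocol"].lower() not in ("tcp", "*"):
            continue
        ports = _values(p, "destinationPortRange", "destinationPortRanges")
        if not any(_covers_port(s, port) for s in ports):
            continue
        sources = _values(p, "sourceAddressPrefix", "sourceAddressPrefixes")
        if p["access"] == "Deny":
            # Only a deny covering every public source shadows lower-priority allows.
            if any(s.lower() in ANY_SOURCES for s in sources):
                return None
        elif any(_is_public(s) for s in sources):
            return rule["name"]
    return None  # nothing matched: Azure's default DenyAllInBound rule applies

def rule(name, priority, access, source, ports):
    """Build a constructed sample rule (hypothetical names, not real tenant data)."""
    return {"name": name, "properties": {"priority": priority, "direction": "Inbound",
            "access": access, "protocol": "Tcp", "sourceAddressPrefix": source,
            "destinationPortRange": ports}}

OPEN_NSG = [rule("allow-web", 100, "Allow", "*", "443"), rule("allow-mgmt", 200, "Allow", "Internet", "20-25")]
LOCKED_NSG = [rule("deny-ssh", 100, "Deny", "*", "22"), rule("allow-all", 200, "Allow", "*", "*")]
VNET_NSG = [rule("allow-ssh-vnet", 100, "Allow", "10.0.0.0/16", "22")]
```

A port range such as `20-25` exposes SSH just as a literal `22` does, and a broad allow is harmless only when a higher-priority deny already covers the same sources.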

Setup

How to Integrate Azure with ComplyJet

Takes under 10 minutes. No code required — just a read-only App Registration in Azure Active Directory.

1. Log in to ComplyJet and go to Integrations: Find Azure in the integrations list and click Connect.

2. Create a read-only App Registration in Azure Active Directory: ComplyJet guides you through registering an application and assigning it the Reader role at subscription scope — read-only access only, no write permissions required.

3. Enter your Tenant ID, Client ID, and Client Secret: ComplyJet validates the connection and confirms which subscriptions are in scope.

4. ComplyJet begins syncing immediately: Your Azure resources appear in the inventory within minutes, automated checks start running, and evidence collection begins.

Need help connecting multiple subscriptions or Azure tenants? Reach out to our support team.

Framework coverage

What Controls Are Automated Across SOC 2 / ISO 27001 / HIPAA

ComplyJet maps every Azure check to the relevant framework controls and maintains an always-current evidence record for your auditor.

SOC 2
Logical access, network security, monitoring, audit trail, availability
CC6.1

Logical access security: MFA enforcement across Entra ID accounts, access revocation on termination, unique account assignment.

CC6.6

Network access restrictions: NSG attachment on VMs, SSH access blocked at VM and NSG level.

CC6.8

Detection and prevention of unauthorized access: public blob access blocked, NSG-level SSH controls.

CC7.1

System monitoring: alert rule coverage across VMs, storage, and all managed database types.

CC8.1

Change management audit trail: subscription activity logs archived to durable storage.

A1.2

Recovery and availability: automated backups across SQL, MySQL, PostgreSQL, and Cosmos DB; blob versioning on storage.

ISO 27001
Access control, authentication, logging, network security, cryptography, backup
A.5.15

Access control: MFA enforcement, account uniqueness, access revocation on departure.

A.5.17

Authentication information: MFA required on all accounts, account lifecycle managed.

A.8.6

Capacity management: performance alarms for VM CPU, database CPU, memory, storage, and I/O.

A.8.15

Logging: subscription activity logs archived to storage for audit trail retention.

A.8.20

Network security: NSG attachment on all VMs, SSH blocked at VM and NSG level, public access blocked on storage.

A.8.24

Use of cryptography: encryption at rest across storage, SQL (TDE), MySQL, PostgreSQL, and Cosmos DB.

A.8.32

Information backup: automated backups for SQL, MySQL, PostgreSQL, and Cosmos DB; blob versioning for storage.

HIPAA
Access control, encryption, audit controls, integrity, transmission security
§164.312(a)(1)

Access control: MFA enforcement, unique user identification, access revocation on termination.

§164.312(a)(2)(i)

Unique user identification: each Azure account linked to one individual, shared accounts flagged.

§164.312(a)(2)(iv)

Encryption and decryption: encryption at rest across storage and all managed database services.

§164.312(b)

Audit controls: subscription activity logs archived to storage for durable retention.

§164.312(c)(2)

Integrity: blob versioning on storage, automated backups for all managed databases.

§164.312(e)(2)(ii)

Transmission security: SSH blocked at VM and NSG level, network access restricted to required protocols.