Skyhigh Security

Workaround - Enable Security Configuration Audit for Microsoft Azure

When you configure your Microsoft Azure instance for use with Security Configuration Audit, Azure asks for approval to connect multiple times. Skyhigh CASB asks for consent and forces the user to go through the approval process because of the prompt=consent parameter in the OAuth URL.

This is caused by configuring the security setting "App Approval Authorization Process" in your Azure tenant.

To work around this issue, use the following steps:

  1. Go to Settings > Service Management and select your instance of Microsoft Azure.
  2. Proceed through the wizard steps and send for Approval. 
  3. Log in to the Azure Portal using an admin user and approve the request. 

Now, to avoid approval again, perform the following steps:

  1. In the Azure instance, click Enable.
  2. A dialog opens. It redirects to a URL such as: 

    https://login.microsoftonline.com/common/oauth2/authorize?client_id=b23fb4a0-5258-45fc-949f-9294b514b6f7&response_type=code&prompt=consent&redirect_uri=https%3A%2F%2Fwww.myshn.net%2Fshndash%2Fextensions%2Fofflinedlp_ret.jsp&state=somestatew==&resource=https%3A%2F%2Fmanagement.core.windows.net%2F

  3. Copy the URL and close the dialog.
  4. Open a new tab in the same browser window where you have logged in to Skyhigh CASB.
  5. Paste the URL in the new tab, but remove the parameter &prompt=consent. The URL now looks like:

    https://login.microsoftonline.com/common/oauth2/authorize?client_id=b23fb4a0-5258-45fc-949f-9294b514b6f7&response_type=code&redirect_uri=https%3A%2F%2Fwww.myshn.net%2Fshndash%2Fextensions%2Fofflinedlp_ret.jsp&state=somestatew==&resource=https%3A%2F%2Fmanagement.core.windows.net%2F

  6. If everything works, you will see a black screen. If there is an error, you will see an error message. Close this tab.
  7. Go to Settings > Service Management and refresh the page. The Azure instance should appear as Enabled.
  8. Click Edit, go through the wizard, and save your changes. This makes sure that an On-Demand Scan is created for this instance. (This step is required.)
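
The URL edit in step 5 can be scripted so that only prompt=consent is dropped and every other parameter, including state, stays exactly as copied. This is an added example, not Skyhigh's code; the function name is hypothetical and the expected hosts are taken from the URL shown above.

```python
from urllib.parse import unquote, urlsplit, urlunsplit

# Hosts taken from the URL shown in this article.
AUTHORIZE_HOST = "login.microsoftonline.com"
REDIRECT_HOST = "www.myshn.net"


def strip_consent_prompt(url: str) -> str:
    """Drop prompt=consent; keep all other parameters exactly as copied."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or parts.hostname != AUTHORIZE_HOST:
        raise ValueError("not an https URL on " + AUTHORIZE_HOST)

    kept, seen = [], {}
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        seen[name] = value
        if name == "prompt" and value == "consent":
            continue  # the only parameter the workaround removes
        kept.append(pair)  # raw text is kept, so nothing is re-encoded

    # Checks worth making before pasting into a logged-in browser session.
    redirect = urlsplit(unquote(seen.get("redirect_uri", "")))
    if redirect.scheme != "https" or redirect.hostname != REDIRECT_HOST:
        raise ValueError("unexpected redirect_uri")
    if not seen.get("state"):
        raise ValueError("state parameter missing; copy the URL again")

    return urlunsplit(parts._replace(query="&".join(kept)))


# The example URL from this article, rejoined onto one line.
SAMPLE_URL = (
    "https://login.microsoftonline.com/common/oauth2/authorize"
    "?client_id=b23fb4a0-5258-45fc-949f-9294b514b6f7&response_type=code"
    "&prompt=consent"
    "&redirect_uri=https%3A%2F%2Fwww.myshn.net%2Fshndash%2Fextensions%2Fofflinedlp_ret.jsp"
    "&state=somestatew==&resource=https%3A%2F%2Fmanagement.core.windows.net%2F"
)

if __name__ == "__main__":
    print(strip_consent_prompt(SAMPLE_URL))
```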