# Azure


## Overview

In this section, you will learn how to rotate user credentials within the Azure network environment across various target systems. Rotation works on devices that are configured in and attached to your Azure Active Directory (Azure AD), which can also be your default directory.

KeeperPAM can rotate the password for Azure AD users, service accounts, local admin users, local users, managed services, databases and more.

### KeeperPAM Record Types

Configurations for the Azure Active Directory are defined in the **PAM Configuration** section of Keeper Secrets Manager.

Configurations for the Azure AD joined devices are defined in the **PAM Directory**, **PAM Machine**, and **PAM Database** record types. The credentials and user accounts are defined in **PAM User** records. The following table shows the Azure AD joined devices supported by Keeper Rotation and their corresponding PAM Record Types:

| Azure AD Joined Device   | Corresponding PAM Record Type |
| ------------------------ | ----------------------------- |
| Azure AD Domain Services | PAM Directory                 |
| Virtual Machines         | PAM Machine                   |
| Managed Databases        | PAM Database                  |

## Prerequisites for Rotation

Prior to rotating user credentials within your Azure environment, you need to make sure you have the following information and configurations in place:

1. All Azure AD joined devices that you want to use with Rotation need to be created and configured within your Azure Active Directory.
2. To successfully configure and set up Rotation within your Azure network, the following values are needed for your [PAM Configuration](/keeperpam/privileged-access-manager/getting-started/pam-configuration.md):

<table><thead><tr><th width="174">Field</th><th>Description</th></tr></thead><tbody><tr><td><strong>Client ID</strong></td><td>The application/client ID (UUID) of the Azure application</td></tr><tr><td><strong>Client Secret</strong></td><td>The client credentials secret for the Azure application</td></tr><tr><td><strong>Subscription ID</strong></td><td>The UUID of your subscription to use Azure services (e.g. Pay-As-You-Go)</td></tr><tr><td><strong>Tenant ID</strong></td><td>The UUID of the Azure Active Directory</td></tr></tbody></table>

3. Make sure all the Azure services or Azure AD joined devices you plan to use for rotation have access to the Azure Active Directory.
4. Create a custom role that allows the application to access and perform actions on various Azure resources. For more information, see the [Azure Environment Setup](/keeperpam/privileged-access-manager/getting-started/pam-configuration/azure-environment-setup.md) document.
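
A pre-flight check for the four PAM Configuration values listed in the table above, as an added example that is not part of Keeper's documentation or tooling. The dictionary keys, sample values and the Azure Resource Manager scope are assumptions; the token request is built but never sent.

```python
import uuid
from urllib.parse import urlencode

UUID_FIELDS = ("client_id", "subscription_id", "tenant_id")  # hypothetical key names

# Constructed sample values, not real identifiers or secrets.
SAMPLE = {
    "client_id": "11111111-2222-4333-8444-555555555555",
    "subscription_id": "66666666-7777-4888-8999-aaaaaaaaaaaa",
    "tenant_id": "bbbbbbbb-cccc-4ddd-8eee-ffffffffffff",
    "client_secret": "constructed~Secret.Value_0123456789",
}


def is_uuid(value) -> bool:
    """True only for the hyphenated 8-4-4-4-12 form, with no stray whitespace."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def check_pam_config(cfg: dict) -> list:
    """Return a list of problems; an empty list means the values are well-formed."""
    problems = [f"{f}: not a UUID" for f in UUID_FIELDS if not is_uuid(cfg.get(f))]
    secret = cfg.get("client_secret") or ""
    if not secret or secret != secret.strip():
        problems.append("client_secret: empty or has surrounding whitespace")
    elif is_uuid(secret):
        # The portal shows a "Secret ID" (a UUID) next to the secret "Value";
        # only the Value authenticates the application.
        problems.append("client_secret: looks like the Secret ID, not the Value")
    if not problems and len({cfg[f].lower() for f in UUID_FIELDS}) != len(UUID_FIELDS):
        problems.append("two ID fields hold the same value (copy/paste slip)")
    return problems


def token_request(cfg: dict):
    """Build, without sending, the client-credentials request that tests the values."""
    url = f"https://login.microsoftonline.com/{cfg['tenant_id']}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
        # Assumption: Azure Resource Manager scope; the page does not name one.
        "scope": "https://management.azure.com/.default",
    })
    return url, body  # body contains the secret: never log it
```

A well-formed set of values can still be rejected by Azure AD; posting the built request from a trusted host confirms that the secret is current and the application exists in that tenant.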

## Setup Steps

At a high level, the following steps are needed to successfully rotate passwords on your Azure network:

1. Create Shared Folders to hold the PAM records involved in rotation
2. Create PAM Machine, PAM Database and PAM Directory records representing each resource
3. Create PAM User records that contain the necessary account credentials for each resource
4. Link the PAM User record to the PAM Resource record
5. Assign a Secrets Manager Application to all of the shared folders that hold the PAM records
6. Install a Keeper Gateway and add it to the Secrets Manager application
7. Create a PAM Configuration with the Azure environment setting
8. Configure Rotation settings on the [PAM User](/keeperpam/privileged-access-manager/getting-started/pam-resources/pam-user.md) records

### Use Cases: <a href="#operating-systems" id="operating-systems"></a>

* [Azure AD Users](/keeperpam/privileged-access-manager/password-rotation/rotation-use-cases/azure/azure-ad-users.md)
* [Azure VM Local Users](/keeperpam/privileged-access-manager/password-rotation/rotation-use-cases/azure/azure-vm-user-accounts.md)
* [Azure Managed Database](/keeperpam/privileged-access-manager/password-rotation/rotation-use-cases/azure/managed-database.md)
* [Azure App Secret](/keeperpam/privileged-access-manager/password-rotation/rotation-use-cases/azure/azure-client-secret-rotation.md)

