# Azure Container Registry Integrate Azure Container Registry with OX to centralize security findings alongside container, pipeline, cloud, and runtime signals already in OX. OX scans the Azure Container Registry on a schedule and on demand, enriches findings with OX context (application mapping, workflows, and compliance), and presents a unified queue for investigation and reporting. After you connect, Azure scan results appear in the Active issues page (use the filter **Source tool > Azure Container Registry**). ## What OX adds * **Context and correlation**: OX maps Azure findings to applications, services, and teams to show impact and ownership. * **Prioritization with severity factors:** OX may reprioritize scanner severities when exploitability and environment context reduce risk (for example, Critical → High). Severity factors explain why the priority changed. * **Evidence at a glance:** When available, OX displays scanner evidence, file locations, and remediation guidance alongside OX analytics to speed triage. ## Connection Methods For general information about connection methods, see[ Connection methods](/get-started/onboarding-to-ox/source-control/connection-methods.md). Connect to OX with Azure Tenant ID, Client ID, Subscription ID, and Client Secret you create for this connection. ## Prerequisites **OX** * OX permission to configure connectors **Azure Container Registry** * Admin permissions to the Azure account you want to connect. ## Connect with Azure credentials ### Step 1: Create the credentials \[Azure] This step has several parts. **Register an app** 1. Verify that the [prerequisites](#prerequisites) are in place. 2. Log in to your Azure account. 3. From the Home page, use **Search** to open the Microsoft Entra ID page. Enter ‘add’ to find it. 4. From your account home page, select **+Add** and select **App registration**.

5. In **Register an application**, enter a name and ensure that the single tenant option is selected.

6. Select **Register**. 7. In the **App** screen, the Application (Client) ID and the Directory (Tenant) ID display. Save them. You’ll need them later. **Assign roles** 1. From the header, use **Search** to locate the Subscriptions page.

2. Select the subscription. 3. From the Subscriptions page, select **Access Control (IAM)**.

4. In **Access control (IAM)**, select **+Add > Role assignment**. 5. In **Add role assignment,** select the reader permission and select **Next**. 6. On the next screen, select **+Select members** and select the app from the list on the right.

7. Select the **Select** button to continue. 8. On the next screen, select **Next**. 9. On the next screen, select **Review + assign**.This returns you to Subscription page > Access control (IAM). **Create a client secret** 1. Use **Search** to locate the Microsoft Entra ID page. 2. From the left menu pane, select **Manage > App registration**. 3. In **App registrations**, select the app you created.

4. From the App registrations menu pane, select **Certificates & secrets**.\ \ ![](/files/plUGgf7vVJfpOIy2YZ5h)
5. In **Certificates & secrets**, select **+ New client secret**.

6. Enter a name and expiry period. 7. Select **Add**. 8. The Secret value and Secret ID display. Copy and save them securely. You cannot view the Secret again.\ **Best practice:** Store the token in a secrets manager and set a reminder to rotate it according to your policy. 9. Next, open the Subscription page and copy the Subscription ID.\ You now have these four credentials: * Client ID * Tenant ID * Subscription ID * Token secret ### Step 2: Connect OX to Azure Container Registry \[OX] 1. Verify that the [prerequisites](#prerequisites) are in place. 2. In OX, go to **Connectors > Registry** and select **Azure Container Registry**.\ \ ![](/files/8PamyG9RX50xDILw6bsr)
3. In **Configure your Azure Container Registry credentials**, select the link **CONNECTION INSTRUCTIONS** to open an online summary of the connection process. 4. Enter the parameters you created: * Tenant ID * Client ID * Client Secret * Subscription ID 5. Select **CONNECT**. OX validates the credentials. 6. In **Configure your Azure credentials**, select **VERIFY CONNECTIVITY**.\ A green checkmark indicates a successful connection. If verification fails, check your credentials and permissions. #### Optional configurations * To change the images OX scans and monitors, see the section [Change the locations OX scans](#change-the-locations-ox-scans). * To connect more Azure accounts to the same organization in the OX platform, repeat the process. * For information on the OX Broker, see the article [OX Broker](/get-started/onboarding-to-ox/prerequisites-and-access/ox-broker.md). ## Change the locations OX scans Once you have a connection, you can change the locations that OX scans and monitors. 1. Use the **Gear** icon at the bottom of the Configuration screen. 2. OX displays the locations or objects that OX scans and monitors. 3. Change the selection as needed. 4. Select SAVE. ![](/files/ZERRqHcNkBhvA0kzSvuz)
--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.ox.security/ox-integrations/3rd-party-integrations/registry/azure-container-registry.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.