Merged
21 commits
85 changes: 62 additions & 23 deletions content/en/datadog_cloudcraft/_index.md
@@ -1,6 +1,6 @@
---
title: Cloudcraft in Datadog
description: "Visualize and analyze AWS cloud infrastructure with live Cloudcraft diagrams in Datadog for troubleshooting, security analysis, and cost optimization."
description: "Visualize and analyze AWS and Azure cloud infrastructure with live Cloudcraft diagrams in Datadog for troubleshooting, security analysis, and cost optimization."
further_reading:
- link: "https://www.datadoghq.com/blog/cloud-architecture-diagrams-cost-compliance-cloudcraft-datadog/"
tag: "Blog"
Expand All @@ -19,60 +19,102 @@ Cloudcraft offers a powerful, live read-only visualization tool for cloud archit

<div class="alert alert-info">This documentation applies to the Cloudcraft <em>in Datadog</em> product. For information on the standalone Cloudcraft product, please refer to the <a href="/cloudcraft">Cloudcraft (Standalone)</a> documentation.</div>

Cloudcraft's core functionality is its ability to generate detailed architecture diagrams. These diagrams visually represent AWS cloud resources, allowing you to explore and analyze your environments. Cloudcraft's diagrams are optimized for clarity and performance, providing an intuitive interface for navigating large-scale deployments. This helps teams to:
Cloudcraft's core functionality is its ability to generate detailed architecture diagrams. These diagrams visually represent AWS and Azure cloud resources, allowing you to explore and analyze your environments. Cloudcraft's diagrams are optimized for clarity and performance, providing an intuitive interface for navigating large-scale deployments. This helps teams to:

- Trace incidents back to their root causes through infrastructure dependencies.
- Determine if infrastructure is the cause of an incident, such as cross-region traffic causing latency or increased costs.
- Analyze and address the most relevant security misconfigurations.
- Onboard new team members.
- Accelerate incident MTTR and proactive governance tasks by simplifying infrastructure navigation.

{{< img src="datadog_cloudcraft/cloudcraft_with_ccm_2.mp4" alt="Cloudcraft in Datadog video" video=true >}}
{{< img src="datadog_cloudcraft/cloudcraft_with_azure_tab_2.mp4" alt="Video showing a Cloudcraft diagram in the security overlay. A resource is selected, opening a side panel with its details. The Changes option is selected from the left hand side of the side panel. In the Security section of the side panel, several misconfigurations are listed. The Investigate button next to one of the misconfigurations is clicked, opening a new side panel with details of the misconfiguration and a Next Steps section with options for Triage, Remediation, and More Actions" video=true >}}

<div class="alert alert-info">Cloudcraft in Datadog is currently only available for AWS accounts.</a></div>
<div class="alert alert-info">Cloudcraft in Datadog is only available for AWS and Azure accounts.</div>

### Prerequisites
## Prerequisites

{{< tabs >}}
{{% tab "AWS" %}}

- To access Cloudcraft in Datadog, you need the `cloudcraft_read` [permission](#permissions).
- [Resource collection][2] must be enabled for your AWS accounts.
- For the best experience, Datadog strongly recommends using the AWS-managed [`SecurityAudit`][5] policy, or the more permissive [`ReadOnlyAccess`][6] policy.

- Viewing content on the [Security overlay][10] requires additional products to be enabled:
- To view security misconfigurations and identity risks, [Cloud Security][3] must be enabled.
- To view sensitive data, [Sensitive Data Scanner][12] must be enabled. For a user to turn the layer on, they must have the [`data_scanner_read`][13] permission.

**Note**: Cloudcraft adapts to restrictive permissions by excluding inaccessible resources. For example, if you don't grant permission to list S3 buckets, the diagram excludes those buckets. If permissions block certain resources, an alert displays in the UI.

<div class="alert alert-warning">Enabling resource collection can impact your AWS CloudWatch costs. To avoid these charges, disable <strong>Usage</strong> metrics in the <strong>Metric Collection</strong> tab of the <a href="https://app.datadoghq.com/integrations/amazon-web-services">Datadog AWS Integration</a>.<br/>
<div class="alert alert-warning">
Enabling resource collection can impact your AWS CloudWatch costs. To avoid these charges, disable <strong>Usage</strong> metrics in the <strong>Metric Collection</strong> tab of the <a href="https://app.datadoghq.com/integrations/amazon-web-services">Datadog AWS Integration</a>.
</div>

{{< img src="/infrastructure/resource_catalog/aws_usage_toggle.png" alt="The Usage service highlighted in the Metric Collection tab of the AWS integration tile" style="width:100%;" >}}

[2]: /integrations/amazon_web_services/#resource-collection
[3]: /security/cloud_security_management
[5]: https://docs.aws.amazon.com/aws-managed-policy/latest/reference/SecurityAudit.html
[6]: https://docs.aws.amazon.com/aws-managed-policy/latest/reference/ReadOnlyAccess.html
[10]: /datadog_cloudcraft/overlays#security
[12]: /security/sensitive_data_scanner
[13]: /account_management/rbac/permissions/#compliance

{{% /tab %}}
{{% tab "Azure" %}}

- To access Cloudcraft in Datadog, you need the `cloudcraft_read` [permission](#permissions).
- You need the Datadog Admin Role, or any role with the `azure_configurations_manage` permission. See the [Azure setup][16] instructions for more information.

{{< img src="/infrastructure/resource_catalog/aws_usage_toggle.png" alt="AWS Usage toggle in account settings" style="width:100%;" >}}</div>
- Enable [resource collection][14] for your Azure accounts:
1. Navigate to [**Integrations > Azure**][15].
2. Add your Azure subscription by selecting **+ Add New App Registration** if not already added.
3. Select the App Registration containing your Azure subscription.
4. On the Resource Collection tab, ensure the **Enable Resource Collection** toggle is enabled.

- Viewing content on the [Security overlay][10] requires additional products to be enabled:
- To view security misconfigurations and identity risks, [Cloud Security][3] must be enabled.
- To view sensitive data, [Sensitive Data Scanner][12] must be enabled. For a user to turn the layer on, they must have the [`data_scanner_read`][13] permission.

[3]: /security/cloud_security_management
[10]: /datadog_cloudcraft/overlays#security
[12]: /security/sensitive_data_scanner
[13]: /account_management/rbac/permissions/#compliance
[14]: /getting_started/integrations/azure/
[15]: https://app.datadoghq.com/integrations/azure
[16]: /integrations/guide/azure-manual-setup/?tab=azurecli#setup

{{% /tab %}}
{{< /tabs >}}

## Getting started

To get started using Cloudcraft, use the following steps:
1. Navigate to [**Infrastructure > Resources > Cloudcraft**][7].
2. A real-time diagram of the resources is displayed in your environment.

**Note**: For environments with more than 10,000 resources, you must filter the diagram by account, region, or tags before it can be displayed.
**Note**: If your environment has more than 10,000 resources, filter the diagram by account, region, or tags to display it.

{{< img src="datadog_cloudcraft/getting_started_3.mp4" alt="Video showing getting started in Cloudcraft by selecting the Account, Region, and Resource" video=true;" >}}
{{< img src="datadog_cloudcraft/getting_started.png" alt="Getting started in Cloudcraft, displaying a list of resources for the selected account and region" style="width:100%;" >}}

**Note**: The account name in the **Account** dropdown originates from your AWS account tags in the AWS integration tile.
<div class="alert alert-tip">The account name in the <strong>Account</strong> dropdown comes from your AWS account tags in the AWS integration tile. For Azure, the <strong>Subscription</strong> name comes from the subscription name in your Azure integration tile's list of managed subscriptions.
</div>

### Group By

With Group By, Cloudcraft divides your diagram into distinct sections based on different group types. This feature offers a clear and organized perspective of your resources, making it especially helpful for visualizing complex cloud environments.

Enable the **Show All Controls** toggle to display the available **Group By** options. You can also remove specific groupings by unchecking options like VPC and Region. To view the current nesting structure and add the Network ACL (Network Access Control List) layer, click the **More** dropdown.
Enable the **Show All Controls** toggle to display the available **Group By** options. You can remove specific groupings by unchecking options like VPC and Region. To view the current nesting structure and add the Network ACL (Network Access Control List) layer, click the **+ Tags** menu.

{{< img src="datadog_cloudcraft/cloudcraft_group_by_with_ccm.png" alt="Group by feature in Cloudcraft, highlighting the Group By menu" >}}
{{< img src="datadog_cloudcraft/cloudcraft_group_by_with_network_acl.png" alt="Group by feature in Cloudcraft, highlighting the Group By menu." >}}

#### Group by tags

You can group resources by AWS tags, such as app, service, team, or cost center, to organize your view by team or workload.
You can group resources by AWS and Azure tags, such as app, service, team, or cost center, to organize your view by team or workload. When grouping by tags, color-coded labels are displayed on each group. When grouping by the `service` tag, a raised block is displayed to visually indicate the service grouping.

**Note**: Grouping by tags is supported for AWS tags only. Tags from the Datadog Agent (for example ,`env`, or `team` tags from local configuration) are not supported.
**Note**: Grouping by tags is supported for AWS and Azure tags only. Tags from the Datadog Agent (for example, locally configured `env` or `team` tags) are not supported.

{{< img src="datadog_cloudcraft/group_by_tag.mp4" alt="Group by tag feature in Cloudcraft, grouping by Team and Cost Center" video=true >}}
{{< img src="datadog_cloudcraft/cloudcraft_group_by_with_team_tags.png" alt="Cloudcraft landing page with Group by highlighted, and grouping by Team" >}}

### Saved views

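Review bot: In the Azure tab, the bullet "You need the Datadog Admin Role, or any role with the `azure_configurations_manage` permission" sits next to `cloudcraft_read` under Prerequisites, so it reads as something every diagram viewer needs. If it is only required by the person who enables resource collection (the numbered steps that follow), say so in the bullet, so teams do not grant an admin role just to view diagrams. The AWS tab also names the recommended cloud-side policy (`SecurityAudit` or `ReadOnlyAccess`) and notes that inaccessible resources are excluded from the diagram; the Azure tab has neither, so add the equivalent guidance for the role assigned to the App Registration.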
Expand All @@ -89,28 +131,25 @@ To apply a saved view to your diagram:

Use the zoom and hover features to pinpoint the most critical resources. As you zoom in, additional resource names become visible. Hovering over a resource displays a panel with basic information, while clicking on a resource opens a side panel with observability, cost, and security data, along with cross-links to other relevant Datadog products.

{{< img src="datadog_cloudcraft/cloudcraft_with_ccm_2.mp4" alt="Video showing the zoom and hover feature in Cloudcraft and clicking on a resource to open the side panel" video=true >}}
{{< img src="datadog_cloudcraft/cloudcraft_with_security_2.mp4" alt="Video showing the zoom and hover feature in Cloudcraft and clicking on a resource to open the side panel" video=true >}}

#### Projection toggle

Toggle the projection from 3D (default) to 2D to visualize your resources from a top-down view.

{{< img src="datadog_cloudcraft/cloudcraft_2D.png" alt="Cloudcraft landing page with the 2D toggle enabled" >}}

{{< img src="datadog_cloudcraft/cloudcraft_2D_2.png" alt="Cloudcraft landing page with the 2D toggle enabled" >}}

### Filtering and search

Diagrams can be filtered by tags, such as team, application, or service, allowing you to concentrate on relevant resources while maintaining context through connected resources. Additionally, Cloudcraft provides a powerful search and highlight feature, enabling ease of location of specific resources or groups of resources.

Click the **\+Filter** menu to quickly filter your resources by commonly used tags such as service, team, region, and more. Additionally, click the **More Filters** option to filter by AWS tags, custom tags, and terraform tags. The filter option reloads the diagram to display only the infrastructure that matches the filter criteria.

{{< img src="datadog_cloudcraft/cloudcraft_filter.png" alt="Filter feature in Cloudcraft" >}}
Click the **+ Filter** menu to filter your resources by commonly used tags such as service, team, region, and more. Additionally, click the **More Filters** option to filter by AWS and Azure tags, custom tags, and Terraform tags. The filter option reloads the diagram to display only the infrastructure that matches the filter criteria.

### Search and highlight

Use the search bar to locate resources on the diagram by name, ID, or tag. This feature is highly effective for finding specific resources within your cloud architecture. It highlights the search criteria in the diagram, without creating a new diagram, by greying out the elements that do not match the search criteria.
Use the search bar to locate resources on the diagram by name, ID, or tag. This feature is effective for finding specific resources within your cloud architecture. It highlights the search criteria in the diagram, without creating a new diagram, by greying out the elements that do not match the search criteria.

{{< img src="datadog_cloudcraft/search_highlight_2.mp4" alt="Video showing the search and highlight feature in Cloudcraft" video=true >}}
{{< img src="datadog_cloudcraft/search_highlight_4.mp4" alt="Video showing the search and highlight feature in Cloudcraft" video=true >}}

## Permissions

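Review bot: The "Filtering and search" section loses its screenshot: the `cloudcraft_filter.png` image line is removed and nothing replaces it, while the other images in this hunk are swapped for updated versions. If the old screenshot was dropped because it showed AWS-only filters, add an updated one showing the **+ Filter** menu; if the removal is intentional, confirm the unused asset is deleted in the same PR.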
12 changes: 6 additions & 6 deletions content/en/datadog_cloudcraft/overlays.md
Expand Up @@ -29,7 +29,7 @@ The infrastructure view provides a broad overview, grouping resources by Account

The infrastructure diagram excludes components like EBS, NAT Gateway, and Transit Gateway to reduce visual clutter and highlight the most important parts of your architecture.

{{< img src="datadog_cloudcraft/overlays/cloudcraft_infra_diagram_with_ccm_2.png" alt="Infrastructure overlay in Cloudcraft" style="width:100%;" >}}
{{< img src="datadog_cloudcraft/infra_overlay_4.png" alt="Infrastructure overlay in Cloudcraft." style="width:100%;" >}}

### Observability

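Review bot: The new image path `datadog_cloudcraft/infra_overlay_4.png` moves this asset out of the `overlays/` subdirectory, while the security images in this file stay under `datadog_cloudcraft/overlays/` and the CCM image is moved into it. Keep the infrastructure image under `overlays/` as well (the Observability video in the next hunk makes the same move out) so the page's assets live in one directory.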
Expand All @@ -41,7 +41,7 @@ On the Observability overlay, you can take action on individual resources or gro
- Click a resource group, such as a subnet or VPC, to open a side panel that allows you to apply bulk updates across all the hosts in that resource group.
- To select multiple (but not all) hosts, hold down the <kbd>Command</kbd> key on Mac or the <kbd>Control</kbd> key on Windows while clicking on each host.

{{< img src="datadog_cloudcraft/overlays/observability_overlay_with_fleet.mp4" alt="Observability overlay in Cloudcraft, showing the bulk update feature and navigating to Fleet Automation." video=true >}}
{{< img src="datadog_cloudcraft/observability_overlay_with_fleet_2.mp4" alt="Observability overlay in Cloudcraft, clicking on a resource group, and opening the side panel to display the bulk update feature." video=true >}}

In the bottom left legend, the **View Datadog coverage by** dropdown allows you to inspect the installation status for specific features. Each row shows:

Expand Down Expand Up @@ -92,19 +92,19 @@ By default, the security overlay shows Critical, High, and Medium severity misco

You can click on any resource that has findings to open a side panel with more details, allowing deeper investigation without leaving the diagram. Click **Investigate** to get more context about the finding and learn how to remediate it.

{{< img src="datadog_cloudcraft/overlays/cloudcraft_security_overlay_misconfigurations.png" alt="Security overlay in Cloudcraft with the misconfigurations filter applied, highlighting the collapsible legend in the bottom left of the screen, and the Investigate button on the side panel." style="width:100%;" >}}
{{< img src="datadog_cloudcraft/overlays/cloudcraft_security_overlay_misconfigurations_2.png" alt="Security overlay in Cloudcraft with the misconfigurations filter applied in the collapsible legend in the bottom of the screen, and highlighting the Investigate button" style="width:100%;" >}}

#### Investigate sensitive data

You can view sensitive data matches for your S3 buckets. Click a resource with matches to learn more about the bucket's sensitive data matches. Then, hover over a filename and click its **Inspect in AWS** button.

{{< img src="datadog_cloudcraft/overlays/cloudcraft_security_overlay_sensitive_data.png" alt="Security overlay in Cloudcraft with the sensitive data filter applied, highlighting the collapsible legend in the bottom left of the screen, and the Inspect in AWS button on the side panel." style="width:100%;" >}}
{{< img src="datadog_cloudcraft/overlays/cloudcraft_security_overlay_sensitive_data_2.png" alt="Security overlay in Cloudcraft with the sensitive data filter applied, highlighting the collapsible legend in the bottom left of the screen, and the Inspect in AWS button on the side panel." style="width:100%;" >}}

#### Investigate vulnerabilities

View security vulnerability matches associated with your EC2 instances. Click a resource that has a matching vulnerability. This opens a side panel which provides detailed vulnerability data for a selected EC2 instance, including severity, affected packages, and exploit status. For deeper analysis, click **Investigate** to get more context about the vulnerability and learn how to remediate it.

{{< img src="datadog_cloudcraft/overlays/cloudcraft_security_vuln.png" alt="Security overlay in Cloudcraft with the vulnerabilities filter applied, highlighting the collapsible legend in the bottom left of the screen, and the Investigate button on the side panel." style="width:100%;" >}}
{{< img src="datadog_cloudcraft/overlays/cloudcraft_security_vuln_2.png" alt="Security overlay in Cloudcraft with the vulnerabilities filter applied, highlighting the collapsible legend in the bottom left of the screen, and the Investigate button on the side panel." style="width:100%;" >}}

### Cloud Cost Management

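Review bot: The sections in this hunk still describe only AWS resources (S3 buckets with an **Inspect in AWS** button, EC2 instances) and only the screenshots change, even though this PR documents Azure support on the main page. State under "Investigate sensitive data" and "Investigate vulnerabilities" whether Azure resources are covered; if they are not, add a note so readers do not take an empty security overlay on an Azure subscription to mean there are no findings.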
Expand All @@ -123,7 +123,7 @@ Clicking a resource opens a detailed side panel with:

This enables faster, in-context cost optimization without switching views.

{{< img src="datadog_cloudcraft/cloudcraft_ccm_overlay_3.png" alt="Cloud Cost Management(CCM) overlay in Cloudcraft, highlighting the collapsible savings legend at the bottom left hand side of the screen." style="width:100%;" >}}
{{< img src="datadog_cloudcraft/overlays/cloudcraft_ccm_overlay_4.png" alt="Cloud Cost Management (CCM) overlay in Cloudcraft, highlighting the recommendations option in the collapsible legend at the bottom left hand side of the screen." style="width:100%;" >}}

## Further reading
