Is there anyone Scanning their AZURE ENVIROMENT?

I was wondering if anyone is scanning their Azure environment with InsightVM- if you are are you using an agent-based, or on-prem or Azure scan engine (as documentation insinuates?)

We are scanning using agent-based. We will have an Azure scan engine at some point when our footprint increases there.
We do the same in AWS

How are you authenticating to all of these devices globally >?

AWS: SSH keys but they are in an auto-scaling group so the management is the main image primarily.
Azure: JIT access

We have a small presence there so it’s fairly easy at this point. We use more serverless services so we have more scalable controls on the cloud platform itself.

With a larger presence, I would think you could have VPN to the instance and add a Domain Controller in the cloud for Windows (OR Unix) and control accounts and permissions that way. That would be the suggested model if we were to go that route

is anyone doing this in a separate console? What does scanning look like in the GUI same or does it create cloud site or throw it in to the agent site?