Microsoft Azure Integration Scaling
William Azada
Background
The current Azure integration in Rewst requires adding the integration to each tenant individually, because GDAP (Granular Delegated Admin Privileges) permissions do not extend to Azure subscriptions. This poses a significant scalability problem when managing hundreds or thousands of Azure subscriptions.
Problem Statement
The existing integration method does not scale to large numbers of Azure subscriptions. Customers with many Azure subscriptions need a more scalable way to manage them.
Proposed Solutions
- Managed Service Principal:
  - Leverage GDAP: Use GDAP permissions during integration setup to install a managed identity for backend authentication. This managed identity would be granted the permissions needed to manage each tenant's Azure resources.
  - Authentication Logic: Modify the authentication logic of the Azure integration commands to use the managed service principal.
  - Key Vault and Role Assignment: Create a Key Vault and assign roles to the user-assigned managed identity (e.g., Owner over the subscriptions) so it can access Azure resources securely.
- Azure Logic App:
  - Managed Identity: Use Azure Logic Apps with managed identities for authentication and authorization, so Azure APIs can be invoked without storing explicit credentials.
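Both proposals come down to two concrete operations: granting the managed identity a role over each tenant subscription, and calling Azure APIs from a Logic App with that identity instead of a stored secret. The Python below is an added example, not Rewst's code and not Microsoft's SDK: it builds the ARM role-assignment request and the Logic App HTTP action using only the standard library, and adds a scope check that refuses tenant-root and management-group scopes. The subscription, principal and assignment IDs are constructed placeholders; the Owner and Contributor role definition IDs are the well-known Azure built-in values.

```python
"""Build the two requests the design above needs: an ARM role assignment for a
managed identity and a Logic App HTTP action that authenticates with that identity.
Added example, standard library only; all IDs below are constructed placeholders."""
import json
import re
import uuid

ARM = "https://management.azure.com"
API_VERSION = "2022-04-01"  # Microsoft.Authorization/roleAssignments API version

# Well-known built-in role definition IDs (identical in every Azure tenant).
BUILTIN_ROLES = {
    "Owner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635",
    "Contributor": "b24988ac-6180-42a0-ab88-20f7382dd24c",
}

# Accept only subscription or resource-group scopes. Tenant root ("/") and
# management-group scopes are rejected so a single assignment cannot silently
# grant rights over every subscription in the tenant.
ALLOWED_SCOPE = re.compile(
    r"^/subscriptions/[0-9a-f-]{36}(/resourceGroups/[A-Za-z0-9_.()-]+)?$",
    re.IGNORECASE,
)


def build_role_assignment(scope, principal_id, role="Contributor", assignment_id=None):
    """Return (method, url, body) for the PUT that grants `role` to the managed
    identity `principal_id` over `scope`. Defaults to Contributor; Owner also
    carries roleAssignments/write, so request it explicitly only where needed."""
    if not ALLOWED_SCOPE.match(scope):
        raise ValueError(f"refusing scope outside subscription/resource group: {scope}")
    if role not in BUILTIN_ROLES:
        raise ValueError(f"unknown built-in role: {role}")
    subscription_scope = scope.split("/resourceGroups/")[0]
    assignment_id = assignment_id or str(uuid.uuid4())  # assignment names are GUIDs
    url = (f"{ARM}{scope}/providers/Microsoft.Authorization/roleAssignments/"
           f"{assignment_id}?api-version={API_VERSION}")
    body = {
        "properties": {
            "roleDefinitionId": (f"{subscription_scope}/providers/Microsoft.Authorization/"
                                 f"roleDefinitions/{BUILTIN_ROLES[role]}"),
            "principalId": principal_id,
            # Declaring the principal type avoids "principal not found" failures caused
            # by directory replication delay right after the identity is created.
            "principalType": "ServicePrincipal",
        }
    }
    return "PUT", url, body


def build_logic_app_http_action(method, uri, identity_resource_id=None):
    """Return a Logic Apps HTTP action that authenticates to ARM with the workflow's
    managed identity. Pass the resource ID of a user-assigned identity, or None to
    use the system-assigned one. No client secret appears in the definition."""
    auth = {"type": "ManagedServiceIdentity", "audience": ARM}
    if identity_resource_id:
        auth["identity"] = identity_resource_id
    return {
        "type": "Http",
        "inputs": {"method": method, "uri": uri, "authentication": auth},
        "runAfter": {},
    }


def actions_not_using_managed_identity(workflow_definition):
    """Defensive check: list HTTP actions in a workflow definition whose
    authentication is anything other than ManagedServiceIdentity (for example a
    Basic or ActiveDirectoryOAuth block carrying an embedded secret)."""
    offenders = []
    for name, action in workflow_definition.get("actions", {}).items():
        if action.get("type") != "Http":
            continue
        auth = action.get("inputs", {}).get("authentication", {})
        if auth.get("type") != "ManagedServiceIdentity":
            offenders.append(name)
    return offenders


if __name__ == "__main__":
    # Constructed placeholder IDs; replace with the tenant's real values.
    subscription = "/subscriptions/00000000-0000-0000-0000-000000000001"
    identity_principal = "22222222-2222-2222-2222-222222222222"
    method, url, body = build_role_assignment(subscription, identity_principal)
    print(method, url)
    print(json.dumps(body, indent=2))

    workflow = {"actions": {
        "ListVNets": build_logic_app_http_action(
            "GET", f"{ARM}{subscription}/providers/Microsoft.Network/virtualNetworks"),
        "LegacyCall": {"type": "Http", "inputs": {"method": "GET", "uri": ARM,
                       "authentication": {"type": "Basic", "username": "u", "password": "p"}}},
    }}
    print("actions still using explicit credentials:",
          actions_not_using_managed_identity(workflow))
```

The role defaults to Contributor rather than the Owner mentioned above because Owner also includes `Microsoft.Authorization/roleAssignments/write`, which lets the identity grant further roles to itself or others; pass `role="Owner"` only for subscriptions where that is actually required. The last function is the review step to run over exported workflow definitions before deployment: any HTTP action it lists still carries a credential in the workflow itself.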
Use Case
- Azure Resource Management: The proposed solutions aim to let Rewst create and manage Azure resources such as virtual networks and VPN connectors without requiring explicit consent from each tenant.
Conclusion
The proposed solutions aim to address the scalability issue in managing Azure subscriptions by leveraging managed identities and GDAP permissions. Implementing these solutions would enhance Rewst's capability to manage large numbers of Azure subscriptions efficiently and securely.