diff --git a/lib/config/database.go b/lib/config/database.go
index 91a492a098bee..e0bee3ee7e9f2 100644
--- a/lib/config/database.go
+++ b/lib/config/database.go
@@ -115,6 +115,40 @@ db_service:
 tags:
 "*": "*"
 {{- end }}
+ {{- if or .AzureMySQLDiscoveryRegions .AzurePostgresDiscoveryRegions }}
+ # Matchers for registering Azure-hosted databases.
+ azure:
+ {{- end }}
+ {{- if or .AzureMySQLDiscoveryRegions }}
+ # Azure MySQL databases auto-discovery.
+ # For more information about Azure MySQL auto-discovery: https://goteleport.com/docs/database-access/guides/azure-postgres-mysql/
+ - subscriptions: ["*"]
+ resource_groups: ["*"]
+ types: ["mysql"]
+ # Azure regions to register databases from.
+ regions:
+ {{- range .AzureMySQLDiscoveryRegions }}
+ - {{ . }}
+ {{- end }}
+ # Azure resource tags to match when registering databases.
+ tags:
+ "*": "*"
+ {{- end }}
+ {{- if or .AzurePostgresDiscoveryRegions }}
+ # Azure Postgres databases auto-discovery.
+ # For more information about Azure Postgres auto-discovery: https://goteleport.com/docs/database-access/guides/azure-postgres-mysql/
+ - subscriptions: ["*"]
+ resource_groups: ["*"]
+ types: ["postgres"]
+ # Azure regions to register databases from.
+ regions:
+ {{- range .AzurePostgresDiscoveryRegions }}
+ - {{ . }}
+ {{- end }}
+ # Azure resource tags to match when registering databases.
+ tags:
+ "*": "*"
+ {{- end }}
 # Lists statically registered databases proxied by this agent.
 {{- if .StaticDatabaseName }}
 databases:
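Review bot: Both generated Azure matchers hard-code `subscriptions: ["*"]`, `resource_groups: ["*"]` and `"*": "*"` tags, so an agent started from this sample config registers every MySQL or Postgres server in the listed regions that its Azure identity can enumerate, and nothing in the emitted file tells the operator that. I would add a comment above each matcher such as `# Wildcards match every subscription and resource group visible to the agent's identity; narrow these to the ones this agent should serve.` Separately, `{{- if or .AzureMySQLDiscoveryRegions }}` and its Postgres twin pass a single argument to `or`; `{{- if .AzureMySQLDiscoveryRegions }}` says the same thing. The template string itself starts and ends outside this hunk.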
@@ -294,6 +328,12 @@ type DatabaseSampleFlags struct {
 AuthToken string
 // CAPins are the SKPI hashes of the CAs used to verify the Auth Server.
 CAPins []string
+ // AzureMySQLDiscoveryRegions is a list of regions Azure auto-discovery is
+ // configured to discover MySQL servers in.
+ AzureMySQLDiscoveryRegions []string
+ // AzurePostgresDiscoveryRegions is a list of regions Azure auto-discovery is
+ // configured to discover Postgres servers in.
+ AzurePostgresDiscoveryRegions []string
 // RDSDiscoveryRegions is a list of regions the RDS auto-discovery is
 // configured.
 RDSDiscoveryRegions []string
diff --git a/lib/config/database_test.go b/lib/config/database_test.go
index 25e5cfa54a0d1..c9b2c5c56c6c9 100644
--- a/lib/config/database_test.go
+++ b/lib/config/database_test.go
@@ -67,6 +67,28 @@ func TestMakeDatabaseConfig(t *testing.T) {
 require.ElementsMatch(t, flags.RedshiftDiscoveryRegions, databases.AWSMatchers[0].Regions)
 })
 
+ t.Run("AzureMySQLAutoDiscovery", func(t *testing.T) {
+ flags := DatabaseSampleFlags{
+ AzureMySQLDiscoveryRegions: []string{"eastus", "eastus2"},
+ }
+
+ databases := generateAndParseConfig(t, flags)
+ require.Len(t, databases.AzureMatchers, 1)
+ require.ElementsMatch(t, []string{"mysql"}, databases.AzureMatchers[0].Types)
+ require.ElementsMatch(t, flags.AzureMySQLDiscoveryRegions, databases.AzureMatchers[0].Regions)
+ })
+
+ t.Run("AzurePostgresAutoDiscovery", func(t *testing.T) {
+ flags := DatabaseSampleFlags{
+ AzurePostgresDiscoveryRegions: []string{"eastus", "eastus2"},
+ }
+
+ databases := generateAndParseConfig(t, flags)
+ require.Len(t, databases.AzureMatchers, 1)
+ require.ElementsMatch(t, []string{"postgres"}, databases.AzureMatchers[0].Types)
+ require.ElementsMatch(t, flags.AzurePostgresDiscoveryRegions, databases.AzureMatchers[0].Regions)
+ })
+
 t.Run("StaticDatabase", func(t *testing.T) {
 flags := DatabaseSampleFlags{
 StaticDatabaseName: "sample",
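Review bot: Neither new subtest in the lib/config/database_test.go hunk sets both Azure flags at once, which is the only case where the template emits the shared `azure:` key followed by two list entries. A combined subtest should assert that two matchers come back, one per type, so a regression that merges or drops an entry is caught. The new subtests also do not assert the wildcard subscriptions, resource groups and tags the template writes, so a change to that default scope would pass unnoticed. TestMakeDatabaseConfig starts and ends outside the hunk.

```go
// … unchanged: AzureMySQLAutoDiscovery and AzurePostgresAutoDiscovery subtests …

t.Run("AzureMySQLAndPostgresAutoDiscovery", func(t *testing.T) {
	flags := DatabaseSampleFlags{
		AzureMySQLDiscoveryRegions:    []string{"eastus"},
		AzurePostgresDiscoveryRegions: []string{"eastus2"},
	}

	databases := generateAndParseConfig(t, flags)
	require.Len(t, databases.AzureMatchers, 2)
	require.ElementsMatch(t, []string{"mysql"}, databases.AzureMatchers[0].Types)
	require.ElementsMatch(t, flags.AzureMySQLDiscoveryRegions, databases.AzureMatchers[0].Regions)
	require.ElementsMatch(t, []string{"postgres"}, databases.AzureMatchers[1].Types)
	require.ElementsMatch(t, flags.AzurePostgresDiscoveryRegions, databases.AzureMatchers[1].Regions)
})
```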
diff --git a/tool/teleport/common/teleport.go b/tool/teleport/common/teleport.go
index f17da2d110111..1d97313e2a76a 100644
--- a/tool/teleport/common/teleport.go
+++ b/tool/teleport/common/teleport.go
@@ -238,6 +238,8 @@ func Run(options Options) (app *kingpin.Application, executedCommand string, con
 dbConfigureCreate.Flag("redshift-discovery", "List of AWS regions in which the agent will discover Redshift instances.").StringsVar(&dbConfigCreateFlags.RedshiftDiscoveryRegions)
 dbConfigureCreate.Flag("elasticache-discovery", "List of AWS regions in which the agent will discover ElastiCache Redis clusters.").StringsVar(&dbConfigCreateFlags.ElastiCacheDiscoveryRegions)
 dbConfigureCreate.Flag("memorydb-discovery", "List of AWS regions in which the agent will discover MemoryDB clusters.").StringsVar(&dbConfigCreateFlags.MemoryDBDiscoveryRegions)
+ dbConfigureCreate.Flag("azure-mysql-discovery", "List of Azure regions in which the agent will discover MySQL servers.").StringsVar(&dbConfigCreateFlags.AzureMySQLDiscoveryRegions)
+ dbConfigureCreate.Flag("azure-postgres-discovery", "List of Azure regions in which the agent will discover Postgres servers.").StringsVar(&dbConfigCreateFlags.AzurePostgresDiscoveryRegions)
 dbConfigureCreate.Flag("ca-pin", "CA pin to validate the auth server (can be repeated for multiple pins).").StringsVar(&dbConfigCreateFlags.CAPins)
 dbConfigureCreate.Flag("name", "Name of the proxied database.").StringVar(&dbConfigCreateFlags.StaticDatabaseName)
 dbConfigureCreate.Flag("protocol", fmt.Sprintf("Proxied database protocol. Supported are: %v.", defaults.DatabaseProtocols)).StringVar(&dbConfigCreateFlags.StaticDatabaseProtocol)
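Review bot: The two new flags accept arbitrary strings through `StringsVar`, and the template in lib/config/database.go writes each value as a bare `- {{ . }}` list item, so a mistyped or script-supplied value containing YAML syntax ends up in the generated config unquoted and can change how the file parses. Quoting at the point of emission, `- {{ printf "%q" . }}`, should keep each value a single scalar for ordinary region names, though I have not checked how the existing AWS region lists are rendered. Rejecting values that do not look like a region name before rendering would be stricter still, but that check belongs where the flags are consumed, which is not visible here. Run's body starts and ends outside the hunk.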