Microsoft Azure Resources
The Microsoft Azure discovery connection provides visibility into your virtual assets in Azure as they are created, used, and destroyed within the Azure infrastructure. Record the values for each of the fields described below. You will need to provide them when you create the Azure discovery connection.
The Sectona PAM platform supports Microsoft Azure Cloud Discovery. Azure SDK 2.9 is integrated. The resource scan collects data from cloud providers, using valid credentials to authenticate to the cloud service provider API.
Before you begin
Ensure the required Azure portal is accessible from the Sectona Web Access server. You can open a direct communication to the Azure portal or enable the communication by configuring a proxy. Refer to proxy settings for configuring network proxy.
Ensure you have generated the credentials for configuring Azure discovery through PAM.
Requirement | Description |
---|---|
Connectivity / Ports | Communication to be enabled to Azure portal from Sectona Web Access server. |
Credential | As a prerequisite, you should configure and register an app on the Microsoft Azure portal, which will be used in PAM for discovering the resources. Refer to Azure Documentation pages for more info on the Microsoft Azure portal app registration. You can also generate the above values using Microsoft Azure CLI. Refer to installing Microsoft Azure CLI for setting up Microsoft Azure CLI on your machine. Refer to creating Microsoft Azure service principal for commands. |
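The Azure CLI route mentioned in the Credential row, as an added example that is not Sectona's or Microsoft's own script. It creates a service principal scoped to a single subscription and maps the CLI output to the scan-job fields. The display name, the subscription ID, and the choice of the built-in Reader role are assumptions; the sample output is constructed.

```shell
#!/usr/bin/env bash
# Added example: least-privilege service principal for the discovery job.
SP_NAME="pam-azure-discovery"                            # hypothetical name
SUBSCRIPTION_ID="00000000-0000-0000-0000-000000000000"   # placeholder

# Assumption: the built-in Reader role is sufficient for resource discovery.
# Scoping to one subscription limits what a leaked secret can read.
create_discovery_sp() {
  az ad sp create-for-rbac \
    --name "$SP_NAME" \
    --role Reader \
    --scopes "/subscriptions/$SUBSCRIPTION_ID" \
    --output json
}

# Extract one string value from the flat JSON object read on stdin.
json_field() {  # usage: json_field KEY < json
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Print the scan-job field mapping. The secret itself is never echoed,
# so it does not land in terminal scrollback or captured logs.
map_to_job_fields() {  # usage: map_to_job_fields "$json"
  printf 'Tenant ID: %s\n' "$(printf '%s\n' "$1" | json_field tenant)"
  printf 'Client ID: %s\n' "$(printf '%s\n' "$1" | json_field appId)"
  secret=$(printf '%s\n' "$1" | json_field password)
  printf 'Client Secret: <%d characters, not shown>\n' "${#secret}"
  printf 'Subscriptions: %s\n' "$SUBSCRIPTION_ID"
}

# Constructed sample of the command's JSON output (not real credentials).
SAMPLE_OUTPUT='{
  "appId": "11111111-1111-1111-1111-111111111111",
  "displayName": "pam-azure-discovery",
  "password": "constructed-sample-secret",
  "tenant": "22222222-2222-2222-2222-222222222222"
}'

# Offline run on the sample. Against a real tenant, after `az login`:
#   map_to_job_fields "$(create_discovery_sp)"
map_to_job_fields "$SAMPLE_OUTPUT"
```

The CLI prints the secret only once at creation time, so capture the output into a variable or a secrets store rather than relying on the terminal.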
Adding a Microsoft Azure resource scan Job
In the +Asset Discovery tab, select Microsoft Azure resource scan as the New Asset Discovery Job.
Attributes | Description |
---|---|
Job details | |
Job title | Enter a unique title for your scan job |
Tenant ID | Enter the Microsoft Azure Active Directory ID |
Client ID | This is the Application ID generated when an application principal identity is created on the Microsoft Azure portal. |
Client Secret | This is the Application Secret, created for an application identity on the Microsoft Azure portal. |
Subscriptions | Enter the subscription for the Microsoft Azure account on which you want to discover the resources |
Password | Enter the password for authentication |
Schedule type | Select whether this job runs once or as a recurring job. If you select a recurring job, you can choose the days on which the job must be executed. E.g., If you want to schedule a job every 2nd day at 5.00 p.m. from 1st Jan 2018 to scan your network, include the following details: Recur every: 2 days |
Task Start | Select the date when the task begins |
Schedule Time | You can either choose "Any" or set a specific time for when the task starts and when it ends. |
Network proxy | If the Sectona server cannot communicate with Azure directly, provide valid proxy details to allow communication between the Sectona server and Azure. |
Action | |
Onboard assets | To start a scan manually with an option to add assets to specific profiles, set Onboard assets to 'No'. If you wish to include assets automatically in existing groups and attributes, select 'Yes'. |
Description(optional) | Added text will be included in every asset description field |
Location(optional) | Added location field will be included in every asset location. You can configure the system management location here |
Criticality level(optional) | Added critical field will be included in every asset. This is important while structuring reports and notifications. Refer to section Criticality level for more information about adding criticality level. |
Tags (optional) | You can associate an asset with your desired single or multiple tags like Infosec, Banking Core Server, ATM Switches, etc. Refer to section Tags for more information about adding context with tags. |
Checkout policy | The default option is selected initially. To choose a different policy, uncheck the default option and select the policy from the drop-down list. |
Rotation policy | The default option is selected initially. To choose a different policy, uncheck the default option and select the policy from the drop-down list. |
Reconciliation policy | The default option is selected initially. To choose a different policy, uncheck the default option and select the policy from the drop-down list. |
Config value 1 | The configuration value can be assigned here. |
Config value 2 | The configuration value can be assigned here. |
Config value 3 | The configuration value can be assigned here. |
Config value 4 | The configuration value can be assigned here. |
Exclude from Account Discovery | When ticked, the accounts of this asset will be excluded from the Discovery job. |
Owner(optional) | If you have listed owner information of all the assets, please include it here. |