Microsoft Azure Resources
The Microsoft Azure discovery connection provides visibility on your virtual assets in Azure as they are created, used, and destroyed within the Azure infrastructure. Record the values for each of these fields. You will be required to provide them during the Azure discovery connection creation setup.
The Sectona PAM platform supports Microsoft Azure Cloud Discovery. Azure SDK 2.9 is integrated. The resource scan collects data from cloud providers, using valid credentials to authenticate to the cloud service provider API.
Before you begin
Ensure the required Azure portal is accessible from the Sectona Web Access server. You can either open direct communication to the Azure portal or enable the communication by configuring a proxy. Refer to proxy settings for configuring a network proxy.
Ensure you have generated the credentials for configuring Azure discovery through PAM.
Requirement | Description |
---|---|
Connectivity / Ports | Communication to be enabled to Azure portal from Sectona Web Access server. |
Credential | As a prerequisite, you should configure and register an app on the Microsoft Azure portal, which will be used in PAM for discovering the resources. Refer to the Azure Documentation pages for more information on app registration on the Microsoft Azure portal. You can also generate the above values using the Microsoft Azure CLI. Refer to installing Microsoft Azure CLI for setting up the Microsoft Azure CLI on your machine. Refer to creating Microsoft Azure service principal for commands. |
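As an added example (not taken from Sectona's documentation), the following shell functions show one way to generate the Tenant ID, Client ID and Client Secret with the Azure CLI. It assumes the built-in Reader role on a single subscription is sufficient for discovery; the function names and the principal name are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: create a read-only service principal for the discovery job.
# Assumptions: the Reader role is enough for resource discovery, and the
# function names and principal name below are illustrative only.

# Return 0 if $1 has the GUID shape used by subscription, tenant and app IDs.
is_guid() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# Build the RBAC scope for exactly one subscription. Malformed IDs are
# rejected so a typo cannot misdirect or widen the role assignment.
subscription_scope() {
  is_guid "$1" || { echo "invalid subscription id: $1" >&2; return 1; }
  printf '/subscriptions/%s' "$1"
}

# Create the service principal with Reader on that one subscription.
# The JSON that az prints maps to the scan job fields as follows:
#   appId    -> Client ID
#   password -> Client Secret (shown once; store it in the PAM vault only)
#   tenant   -> Tenant ID
create_discovery_sp() {
  local name="$1" scope
  scope="$(subscription_scope "$2")" || return 1
  az ad sp create-for-rbac --name "$name" --role Reader \
    --scopes "$scope" --output json
}

# List every role assignment held by the principal, to confirm it has
# nothing beyond the intended read-only scope.
list_sp_assignments() {
  is_guid "$1" || { echo "invalid app id: $1" >&2; return 1; }
  az role assignment list --assignee "$1" --all --output table
}

# Usage (after `az login`; the subscription ID here is a placeholder):
#   create_discovery_sp pam-azure-discovery 00000000-0000-0000-0000-000000000000
#   list_sp_assignments <appId from the output above>
```

Run `list_sp_assignments` again whenever the scan job's subscriptions change, so the principal's access stays limited to what discovery needs.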
Adding a Microsoft Azure resource scan Job
Select New Asset Discovery Job as Microsoft Azure resource scan in the +Asset Discovery tab.
Attributes | Description |
---|---|
Job details | |
Job title | Enter a unique title for your scan job |
Tenant ID | Enter the Microsoft Azure Active Directory ID |
Client ID | This is the Application ID, which is generated when an application principal identity is created on the Microsoft Azure portal. |
Client Secret | This is the Application Secret which is created for an application identity on the Microsoft Azure portal. |
Subscriptions | Enter the subscription for the Microsoft Azure account on which you want to discover the resources |
Password | Enter the password for authentication |
Schedule type | Select whether this job runs once or as a recurring job. If you select a recurring job, you can choose the days on which the job must be executed. For example, to schedule a job every 2nd day at 5.00 p.m. from 1st Jan 2018 to scan your network, include the following details: Recur every: 2 days |
Task Start | Select the date when the task begins |
Schedule Time | You can either choose "Any" or set specific times for when the task starts and ends |
Network proxy | If the Sectona server cannot communicate with Azure directly, provide valid proxy details to allow communication between the Sectona server and Azure. |
Action | |
On board assets | To start a scan manually, with the option to add assets to specific profiles, set Onboard asset to 'No'. To include assets automatically in an existing group and attributes, select 'Yes' |
Description(optional) | Added text will be included in every asset description field |
Location(optional) | Added location field will be included in every asset location. You can configure system management location here |
Criticality level(optional) | Added critical field will be included in every asset. This is important while structuring reports and notifications. Refer to section Criticality level for more information about adding criticality level. |
Tags (optional) | You can associate an asset with your desired single or multiple tags like Infosec, Banking Core Server, ATM Switches, etc. Refer to section Tags for more information about adding context with tags. |
Checkout policy | The default option is selected initially. To choose a different policy, uncheck the default option and select the policy from the drop-down list. |
Rotation policy | The default option is selected initially. To choose a different policy, uncheck the default option and select the policy from the drop-down list. |
Reconciliation policy | The default option is selected initially. To choose a different policy, uncheck the default option and select the policy from the drop-down list. |
Config value 1 | The configuration value can be assigned here. |
Config value 2 | The configuration value can be assigned here. |
Config value 3 | The configuration value can be assigned here. |
Config value 4 | The configuration value can be assigned here. |
Exclude from Account Discovery | When ticked, the accounts of this asset will be excluded from the Discovery job. |
Owner(optional) | If you have listed owner information for all the assets, include it here |