Azure Overview & Support
Rapid7 Cloud Security (InsightCloudSec) offers extensive support for Microsoft Azure, which can be enabled using custom roles that securely allow Rapid7 access to your tenants and subscriptions.
If you have questions related to Azure or specific products and their support, contact us through the Customer Support Portal. If you’re interested in the Azure GovCloud support for Cloud Security (InsightCloudSec), review the Government Cloud Support Reference for details instead.
Onboard and manage accounts
You can onboard Azure tenants and subscriptions using several different methods:
- Onboard Azure subscriptions and tenants with a Python script
- Onboard an Azure subscription with the Azure portal
- Onboard an Azure tenant with the Azure portal
After the tenants and subscriptions have been added to Cloud Security (InsightCloudSec), you can manage, modify, or delete the configurations as necessary. See Clouds and Cloud Account Setup & Management for more details.
Azure roles
As part of the harvesting process, Cloud Security (InsightCloudSec) assumes a role inside your tenant and subscriptions to securely collect data. For most scenarios, using standard Azure roles is appropriate. To customize harvesting, Cloud Security (InsightCloudSec) maintains several custom roles. Which role you use depends on the type of account you are connecting and the level of access you want to provide Cloud Security (InsightCloudSec).
Azure products by region support
Where possible, Cloud Security (InsightCloudSec) supports Azure products in all regions where they are available. For details on which products are available by region, visit Azure Product Availability by Region.
Custom Reader
The Custom Reader role grants Cloud Security (InsightCloudSec) enumerated read-only permissions to supported products in your connected Azure subscription or tenant. Using enumerated permissions follows best security practices, but this means the role must be manually updated with each new Azure product that Cloud Security (InsightCloudSec) supports. New product support is announced in the release notes.
The role JSON can be obtained from a public Rapid7 S3 bucket.
Reader Plus
The Reader Plus role grants Cloud Security (InsightCloudSec) wildcard read-only permissions to every Azure product, plus additional explicit permissions. Because the read-only permissions are granted to every product using a wildcard (*), you do not need to update the role as often as the Custom Reader or Power User roles.
The role JSON can be obtained from a public Rapid7 S3 bucket.
Power User
The Power User role grants Cloud Security (InsightCloudSec) all permissions to supported products in your connected Azure subscription or tenant. With the extended write permissions, Cloud Security (InsightCloudSec) can manage your Microsoft Azure resources directly or with Bots. This role must be manually updated with each new Azure product that Cloud Security (InsightCloudSec) supports. New product support is announced in the release notes.
The role JSON can be obtained from a public Rapid7 S3 bucket.
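The difference between the Custom Reader, Reader Plus, and Power User descriptions above (enumerated reads, wildcard reads plus explicit extras, write access) can be checked on a role JSON file before you assign it. The following Python is an added example, not Rapid7 code: it assumes the Azure CLI custom-role JSON shape (Name, Actions, DataActions), and the sample roles and their action lists are constructed for illustration, not taken from the Rapid7 role files.

```python
import json

# Constructed role definitions in the Azure CLI custom-role JSON shape.
# Action lists are illustrative only, not the contents of the Rapid7 role files.
SAMPLE_ROLES = json.loads("""
[
  {"Name": "example-enumerated-reader",
   "Actions": ["Microsoft.Compute/virtualMachines/read",
               "Microsoft.Storage/storageAccounts/read"],
   "DataActions": []},
  {"Name": "example-wildcard-reader",
   "Actions": ["*/read", "Microsoft.Storage/storageAccounts/listKeys/action"],
   "DataActions": []},
  {"Name": "example-read-write",
   "Actions": ["Microsoft.Compute/virtualMachines/*",
               "Microsoft.Storage/storageAccounts/write"],
   "DataActions": []}
]
""")


def classify(action):
    """Bucket one Azure action string by how much access it grants."""
    a = action.lower()
    if a.endswith("/read"):
        return "wildcard_read" if "*" in a else "enumerated_read"
    return "non_read"  # write, delete, .../action, or a bare wildcard


def audit_role(role):
    """Summarise a role so a reviewer sees its real scope before assigning it."""
    buckets = {"enumerated_read": [], "wildcard_read": [], "non_read": []}
    # NotActions/NotDataActions are not subtracted here; review them separately.
    for action in role.get("Actions", []) + role.get("DataActions", []):
        buckets[classify(action)].append(action)
    if any("*" in a or a.lower().endswith(("/write", "/delete")) for a in buckets["non_read"]):
        profile = "read-write"
    elif buckets["wildcard_read"]:
        profile = "wildcard-read"
    else:
        profile = "enumerated-read"
    return {"name": role.get("Name"), "profile": profile, **buckets}


if __name__ == "__main__":
    for r in SAMPLE_ROLES:
        s = audit_role(r)
        print(f'{s["name"]}: {s["profile"]}; non-read grants: {s["non_read"]}')
```

The `non_read` list is the part to read closely on a role labelled as a reader, since it holds every grant that is not a plain read.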
Frequently Asked Questions (FAQs)
What does Cloud Security (InsightCloudSec) support from Azure?
Microsoft Azure is one of the leading public cloud service providers, and Cloud Security (InsightCloudSec) provides broad support for its products. If you have questions related to Azure or specific products and their support, contact us through the Customer Support Portal.
How do I start seeing my Azure products in Cloud Security (InsightCloudSec)?
After your tenants and subscriptions are connected to Cloud Security (InsightCloudSec), Rapid7 uses the harvesting process to pull data from Azure.
What do I do after my subscriptions are being harvested?
After Cloud Security (InsightCloudSec) is harvesting at least one Azure subscription, you’re free to configure additional Azure features as necessary to enhance, optimize, or further secure your experience, like Azure Least Privileged Access (LPA) or CloudVM.
How can I optimize harvesting?
Cloud Security (InsightCloudSec) offers Event-Driven Harvesting, which requires additional configuration but optimizes harvesting by only pulling in new data when certain Azure events occur. Review our Azure Event-Driven Harvesting documentation for more information.