Create a Microsoft Azure Connection to Cloud Configuration Assessment

You can configure a Microsoft Azure connection to Cloud Configuration Assessment (CCA). This connection allows CCA to collect data from your Azure resources on a scheduled interval basis. Cloud Configuration Assessment uses this data to assess your vulnerabilities in the cloud.

Azure connection requirements

You must meet the following requirements before you can connect your Microsoft Azure resources to Cloud Configuration Assessment in InsightVM.

  • A Microsoft Azure account with the appropriate admin permissions
  • The ReaderPlus role

Prepare your browser for this procedure

Configuring an Azure connection involves completing steps in both your Azure environment and InsightVM. Having both of these interfaces open in separate browser tabs will make this procedure easier to complete.

Setup Azure

Before you can create an Azure connection to CCA in InsightVM, you must set up the correct permissions in Azure.

Add a New Application Registration

  1. From the Azure portal, select Azure Active Directory > App registrations > New registration to add a new application registration.
  2. Complete the required fields and click Register.
  3. In the preview panel, copy the Application ID and the Tenant ID. You will need these values later.
  4. On the Overview page, select Certificates & secrets and click New client secret.
  5. Complete the description and set an expiration date for your secret.
  6. Click Add.

Copy the secret key

Copy and store the newly generated secret key. This is the only time you can view this key.

Setup your permissions

  1. Click Overview > API permissions > Add a permission.
  2. Click Azure Active Directory Graph.
  3. Select Application permissions as the required permissions for your application.
  4. In the Directory section, select Directory.Read.All.
  5. Click Add Permissions.
  6. From the Azure portal menu, select All services > Subscriptions.
  7. Select the subscription you want to associate to your application.
  8. Copy the subscription ID.
  9. Click Access control (IAM) > Add > Add role assignment.
  10. In the Role field, select the type of role.
  11. In the Select field, add your application.
  12. Click Save.

Configure an Azure connection in CCA

Use InsightVM’s Cloud Configuration Assessment connection wizard to create your connection.

  1. On the Cloud Configuration Assessment page, click Enable.
  2. Click Add next to Microsoft Azure.
  3. Add your Azure connection credentials.
  4. Click Save.