Discovery in Azure

Functions for Discovery in Azure include: 


An Azure application with read-only access to your Azure subscription must be set up before discovery can run and gather information about your assets in Azure.

Azure requirements for discovery:

  • Azure Subscription

  • Azure Application (client, tenant ids and client secret)

  • The Azure application needs Reader access on the subscription

Steps to set up discovery of assets in Azure:

  1. Log in to your Azure portal. Click Subscriptions and note your subscription ID.

  2. From the left-hand hamburger menu, navigate to Azure Active Directory and note your tenant ID.

  3. Go to App registrations and click New Registration.

  4. Enter a Name, select the applicable options, then click Register to create the app. Note the application (client) ID.

  5. Navigate to Certificates and secrets and click + New client secret. Enter a Description and click Add. Copy the secret value now; it is only shown once.

  6. Navigate to API permissions and set up the permissions the application needs for authentication. Click the Microsoft Graph API, click Application permissions, and add the User.Read.All permission. Verify that Admin consent is granted.

  7. Navigate to the Azure Home page, then Subscriptions, and then Access control (IAM). Click the + Add button to add a role assignment, select or search for the application, and check the box to grant it the Reader role.

The Azure application is set up for querying Azure assets. Now, you need to set up discovery credentials, then set up profiles to scan or run discovery.
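Before wiring the credentials into discovery, it is worth confirming that the application holds exactly the Reader role at subscription scope and nothing broader. The following added example (not part of this product's code) audits the JSON that `az role assignment list --assignee <APP_CLIENT_ID> --all` returns; the sample assignments and subscription ID below are constructed placeholders, and the `roleDefinitionName`/`scope` field names are the ones that command emits.

```python
"""Least-privilege check for a discovery app's Azure role assignments.

Input is the JSON array printed by
    az role assignment list --assignee <APP_CLIENT_ID> --all
The app should hold Reader at subscription scope and no other role.
"""
import json

# Constructed sample output (placeholder IDs, not real values): the app has the
# expected Reader assignment plus a Contributor assignment someone added later.
SAMPLE_SUBSCRIPTION_ID = "00000000-0000-0000-0000-000000000001"
SAMPLE_ASSIGNMENTS = json.dumps([
    {
        "roleDefinitionName": "Reader",
        "scope": "/subscriptions/00000000-0000-0000-0000-000000000001",
        "principalType": "ServicePrincipal",
    },
    {
        "roleDefinitionName": "Contributor",
        "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"
                 "/resourceGroups/rg-test",
        "principalType": "ServicePrincipal",
    },
])


def audit_discovery_role_assignments(assignments_json: str, subscription_id: str):
    """Return a list of findings; an empty list means the app is correctly scoped.

    Rules derived from the setup requirements above:
      * any role other than Reader is over-privileged for read-only discovery
      * Reader at a narrower scope (e.g. a resource group) will miss assets
      * Reader at the subscription scope must be present
    """
    expected_scope = f"/subscriptions/{subscription_id}".lower()
    findings = []
    has_subscription_reader = False
    for assignment in json.loads(assignments_json):
        role = assignment.get("roleDefinitionName")
        scope = assignment.get("scope", "")
        if role != "Reader":
            findings.append(f"over-privileged: {role} at {scope}")
        elif scope.lower() == expected_scope:
            has_subscription_reader = True
        else:
            findings.append(f"Reader at unexpected scope: {scope}")
    if not has_subscription_reader:
        findings.append(f"missing: Reader at /subscriptions/{subscription_id}")
    return findings


if __name__ == "__main__":
    for finding in audit_discovery_role_assignments(SAMPLE_ASSIGNMENTS, SAMPLE_SUBSCRIPTION_ID):
        print(finding)
```

Run it against the real command output by piping `az role assignment list ... -o json` into the function; any finding means the application deviates from the read-only setup described above.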