Log in to the Cloud Security portal using the link in the email we sent you, and complete the registration process.
Once you have successfully logged in for the first time, you will see only the "Environment" page under Global Tenant Setting (please refer to the screenshot below).
You will be able to see all of the pages once you add an Azure account.
Now click the Microsoft Azure account icon in the above screenshot to start the onboarding process.
Enter the following credentials:
- Microsoft Azure account Client ID
- Client secret key
- Subscription ID
- Tenant ID
Then verify the credentials and click Next to enter the remaining information.
Once you click "Verify Keys", you will have the option to add Account and Organization details.
After that, the account is connected and the scan starts automatically.
The user who adds the app registration and assigns roles to the app must have the permissions below.
Microsoft Entra ID level access:
Subscription level access (role attached to the user):
- Owner
- Co-Administrator
Step 1: Create an App Registration
Go to Azure Active Directory > App registrations > New registration
For the CSPM and CIEM modules: follow the steps below to enable Cloud Security Posture and Infrastructure Access Management.
Step 2: Give API permissions to the App Registration
1. Search for all the permissions listed below and add them to the created app.
- Application.Read.All
- AuditLog.Read.All
- Directory.Read.All
- Domain.Read.All
- Group.Read.All
- IdentityProvider.Read.All
- Policy.Read.All
- User.Read.All
- Reports.Read.All
Step 3: Attach a custom-built role with the role definition below to the app for the subscription
Go to Subscription > Access control (IAM) > Add > Add role assignment, then add the custom-built role and assign it to the app. Make sure to replace {subscriptionId} in the custom role's assignableScopes with your subscription ID.
{
  "properties": {
    "roleName": "ReadOnlyCustomRole",
    "description": "A custom role to view all resources, but does not allow you to make any changes in the infrastructure.",
    "assignableScopes": [
      "/subscriptions/{subscriptionId}"
    ],
    "permissions": [
      {
        "actions": [
          "*/read",
          "Microsoft.KeyVault/checkNameAvailability/read",
          "Microsoft.KeyVault/deletedVaults/read",
          "Microsoft.KeyVault/locations/*/read",
          "Microsoft.KeyVault/vaults/*/read",
          "Microsoft.KeyVault/operations/read"
        ],
        "notActions": [],
        "dataActions": [],
        "notDataActions": []
      }
    ]
  }
}
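A pre-flight check for the role definition above, as an added example that is not part of the original documentation: it fills in {subscriptionId} and confirms the role stays read-only and scoped to a single subscription before you create it. The function names and the all-zero subscription ID are constructed for illustration.

```python
import json
import re

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
SCOPE = re.compile(r"^/subscriptions/[0-9a-fA-F-]{36}$")

# Role definition from this page (description omitted; the checks do not read it).
ROLE_TEMPLATE = """
{"properties": {
  "roleName": "ReadOnlyCustomRole",
  "assignableScopes": ["/subscriptions/{subscriptionId}"],
  "permissions": [{
    "actions": ["*/read", "Microsoft.KeyVault/checkNameAvailability/read",
      "Microsoft.KeyVault/deletedVaults/read", "Microsoft.KeyVault/locations/*/read",
      "Microsoft.KeyVault/vaults/*/read", "Microsoft.KeyVault/operations/read"],
    "notActions": [], "dataActions": [], "notDataActions": []
  }]
}}
"""

def render_role(template, subscription_id):
    """Fill in {subscriptionId}; refuse anything that is not a GUID."""
    if not GUID.match(subscription_id):
        raise ValueError("subscription ID must be a GUID")
    return json.loads(template.replace("{subscriptionId}", subscription_id))

def audit_role(role):
    """Return a list of findings; an empty list means read-only and scoped."""
    findings = []
    props = role["properties"]
    for scope in props["assignableScopes"]:
        if "{" in scope:
            findings.append(f"unreplaced placeholder in scope: {scope}")
        elif not SCOPE.match(scope):
            findings.append(f"scope is not a single subscription: {scope}")
    for perm in props["permissions"]:
        for action in perm.get("actions", []):
            if not action.lower().endswith("/read"):
                findings.append(f"non-read action: {action}")
        if perm.get("dataActions"):
            findings.append(f"data-plane access granted: {perm['dataActions']}")
    return findings

if __name__ == "__main__":
    # Constructed subscription ID, not a real one.
    role = render_role(ROLE_TEMPLATE, "00000000-0000-0000-0000-000000000000")
    print(audit_role(role) or "role is read-only and scoped to one subscription")
```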
Step 4: Create a client secret for the App
Go to App registrations, select your app, and click Certificates & secrets > New client secret.
Step 5: Copy Required Credentials
1. Copy the Client ID and Tenant ID
Go to Azure Active Directory > App registrations. Then click on the application.
2. Copy the Client Secret
Go to Azure Active Directory > App registrations > Certificates & secrets. Then copy the Client Secret.
3. Copy the Subscription ID
Go to Subscriptions. Copy the Subscription ID.
For the CWPP module: attach the roles below to the same app registration.
- Virtual Machine Contributor
- Disk Snapshot Contributor
- Network Contributor
For the Threat Detection module: attach the role below to the same app registration.
- Storage Blob Data Reader