Creating an app with permissions in Microsoft Azure AD
- Adding a new app
  - Go to your Azure Active Directory.
  - Click on App Registrations.
  - Click on Add.
  - Fill in a valid Name and Sign-on URL (preferred URL: http://localhost) in the given fields.
  - Click on Create, and a new app with the entered details is created.
- Assigning the necessary permissions to the app designated for Cloud Security Plus
  - Click on the Subscription tab in the main menu.
  - Choose the subscription you wish to monitor.
  - Select Access control (IAM).
  - Choose the necessary role from the given list. The minimum permission required for Cloud Security Plus to collect logs is Reader.
  - Select the App.
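To confirm that the app holds only the Reader role on the monitored subscription, as the steps above call for, the following added example (not part of the original page or of Cloud Security Plus) audits role assignments exported with `az role assignment list --assignee <app-id> --all -o json`. The sample JSON, the placeholder GUIDs and the function name `audit_assignments` are constructed for illustration.

```python
import json

# Constructed sample shaped like `az role assignment list --assignee <app-id> --all -o json`.
# All GUIDs and resource names are placeholders, not values from this page.
MONITORED_SUB = "00000000-0000-0000-0000-000000000001"
SAMPLE = json.dumps([
    {"roleDefinitionName": "Reader",
     "scope": f"/subscriptions/{MONITORED_SUB}"},
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{MONITORED_SUB}/resourceGroups/rg-example"},
    {"roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
])


def audit_assignments(assignments, subscription_id, allowed_role="Reader"):
    """Return (kind, detail) findings for the log-collection app's role assignments.

    excess-role    : any role other than the allowed one
    out-of-scope   : allowed role granted outside the monitored subscription
    missing-reader : allowed role not present at the subscription scope
    """
    expected = f"/subscriptions/{subscription_id}".lower()
    findings, has_reader = [], False
    for item in assignments:
        role = item.get("roleDefinitionName", "")
        # Azure scopes are case-insensitive; "/" is the tenant root scope.
        scope = item.get("scope", "").lower().rstrip("/") or "/"
        if role != allowed_role:
            findings.append(("excess-role", f"{role} at {scope}"))
        elif scope == expected:
            has_reader = True
        elif not scope.startswith(expected + "/"):
            # Wider (management group, root) or a different subscription.
            findings.append(("out-of-scope", f"{role} at {scope}"))
        # Reader on a resource inside the subscription is narrower and is ignored.
    if not has_reader:
        findings.append(("missing-reader", f"no {allowed_role} at {expected}"))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_assignments(json.loads(SAMPLE), MONITORED_SUB):
        print(f"{kind}: {detail}")
```

An empty result means the app has Reader at the monitored subscription and nothing broader.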
Enter Azure AD credentials in the Cloud Security Plus console
- Click on the Settings tab.
- Select the Cloud Type as Azure.
- Enter a Display name in the given box.
- Enter the following details to enable Cloud Security Plus to start collecting Azure activity logs.
  - Domain name of the Azure Active Directory
    - To view the domain name, go to the Azure Active Directory → Domain names.
  - Application ID of the app
    - To view the application ID, go to the Azure Active Directory → App registrations.
    - Select the app that you have designated for Cloud Security Plus.
    - The Application ID of the app appears in the top-right under Essentials.
  - Secret key of the app
    - Click on the Settings of the designated App in the Azure AD.
    - Click on Keys in the API Access tab.
    - Enter a suitable Key description and duration.
    - Click on Save and the secret key will be generated by the portal.
  - Subscription ID of Azure Active Directory
    - To view the subscription ID, click on the Subscriptions tab in the main menu in Azure AD (left-side pane).