Help Document

Introduction

Getting started

Pre-logging setup

Logging setup

Product features

Admin settings

Microsoft Azure

Creating an app with permissions in the Microsoft Azure AD

  1. Adding a new app
    • Go to your Azure Active Directory.
    • Click on App Registrations.
    • Click on Add.
    • Fill in a valid Name and Sign-on URL (Preferred URL: http://localhost ) in the given fields.
    • Click on Create and a new app with the entered details is created.
  2. Assigning the necessary permissions to the app designated for Cloud Security Plus.
    • Click on the Subscription tab in the main menu.
    • Choose the subscription you wish to monitor.
    • Select Access control (IAM).
    • Choose the necessary role from the given list. The minimum permission required for Cloud Security Plus to collect logs is Reader.
    • Select the App.

Enter Azure AD credentials in the Cloud Security Plus console

  1. Click on the Settings tab
  2. Select the Cloud Type as Azure.
  3. Enter a Display name in the given box.
  4. Enter the following details to enable Cloud Security Plus to start collecting Azure activity logs.

Domain name of the Azure Active Directory

  • To view the domain name, go to the Azure Active Directory → Domain names.

Application ID of the app

  • To view the application ID, go to the Azure Active Directory → App registrations.
  • Select the app that you have designated for Cloud Security Plus
  • The Application ID of the app appears in the top-right under Essentials.

Secret key of the app

  • Click on the Settings of the designated App in the Azure AD.
  • Click on Keys in the API Access tab.
  • Enter a suitable Key description and duration.
  • Click on Save and the secret key will be generated by the portal.

Subscription ID of Azure Active Directory

  • To view the subscription ID, click on the Subscriptions tab in the main menu in Azure AD (Left side pane).