Microsoft Azure

Creating an app with permissions in Microsoft Azure AD

  1. Adding a new app
    • Go to your Azure Active Directory.
    • Click on App Registrations under Manage.
    • Click on New Registration.
    • Fill in a valid Name and Redirect URI (which is optional) in the given fields. The preferred URL is http://localhost. Kindly leave the rest of the fields unchanged.
    • Click on Register and a new app with the entered details is created.

  2. Assigning the necessary permissions to the app designated for Cloud Security Plus
    • Go to the Subscriptions tab in the main menu.
    • Choose the subscription you wish to monitor.
    • Select Access control (IAM).
    • Click on Add and click on the Add Role Assignment tab below.
    • Choose the necessary role from the given list. The minimum permission required for Cloud Security Plus to collect logs is Reader.
    • Search for the App created in the Select field and select the App.
    • Click on Save.
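
The following check is an added example, not part of the original help page or of Cloud Security Plus. It audits exported role assignments to confirm that the designated app holds Reader on the monitored subscription and nothing broader. The input shape assumes the JSON output of `az role assignment list --all -o json`; the IDs, scopes and function name are constructed placeholders.

```python
import json

# Constructed sample shaped like `az role assignment list --all -o json` output.
# Every ID and scope below is a placeholder, not a value from the page.
SUBSCRIPTION = "/subscriptions/00000000-0000-0000-0000-000000000001"
APP_PRINCIPAL = "11111111-1111-1111-1111-111111111111"  # hypothetical service principal object ID
SAMPLE = json.loads("""
[
 {"principalId": "11111111-1111-1111-1111-111111111111", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
 {"principalId": "11111111-1111-1111-1111-111111111111", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
 {"principalId": "11111111-1111-1111-1111-111111111111", "principalType": "ServicePrincipal",
  "roleDefinitionName": "Reader",
  "scope": "/providers/Microsoft.Management/managementGroups/example-root"},
 {"principalId": "22222222-2222-2222-2222-222222222222", "principalType": "User",
  "roleDefinitionName": "Owner",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"}
]
""")


def audit_app_roles(assignments, principal_id, subscription_scope):
    """Return (has_reader, findings) for one principal's role assignments."""
    target = subscription_scope.rstrip("/").lower()
    has_reader, findings = False, []
    for a in assignments:
        if a["principalId"].lower() != principal_id.lower():
            continue  # assignment belongs to a different principal
        role = a["roleDefinitionName"]
        scope = a["scope"].rstrip("/").lower() or "/"
        if role != "Reader":
            findings.append(f"excess role {role} at {a['scope']}")
        elif scope == target:
            has_reader = True  # the minimum role the page requires for log collection
        elif not scope.startswith(target + "/"):
            findings.append(f"Reader granted outside monitored subscription at {a['scope']}")
    if not has_reader:
        findings.append(f"Reader missing at {target}")
    return has_reader, findings


if __name__ == "__main__":
    ok, issues = audit_app_roles(SAMPLE, APP_PRINCIPAL, SUBSCRIPTION)
    print("Reader at subscription scope:", ok)
    for issue in issues:
        print("FINDING:", issue)
```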

Enter Azure AD credentials in the Cloud Security Plus console

  1. Click on the Settings tab.
  2. Select the Cloud Type as Azure.
  3. Enter a Display name in the given box.
  4. Enter the following details to enable Cloud Security Plus to start collecting Azure activity logs.

Domain name of Azure Active Directory

  • To view the domain name, go to the Azure Active Directory. Under Overview, you can find your Domain Name.

Application ID of the app

  • To view the application ID, go to the Azure Active Directory → App registrations.
  • Select the app that you have designated for Cloud Security Plus.
  • The Application ID of the app appears in the top-right under Essentials.
  • Copy the Application ID.

Secret key of the app

  • To view the Secret Key, go to Azure Active Directory → App Registrations.
  • Select the designated app for Cloud Security Plus.
  • Click on Certificates & Secrets.
  • Under Client Secrets go to New Client Secret.
  • Enter the Description and fill in the date of expiry. Please ensure that the date of expiry is set as "Never".
  • Click on Save.
  • Copy the Value of the Client secret that is created. This is the Secret Key.

Subscription ID of Azure Active Directory

  • To view the subscription ID, go to Subscriptions and copy the subscription ID.