Configuring Azure Cloud Environment Scanning

Configuration Guide

Updated Dec 20, 2022

Configuring Azure Cloud Environment Scanning

Overview Direct link to this section

This document describes how to configure scanning for your Microsoft Azure cloud environment configurations. Cloud scans are part of your Cloud Security Posture Management (CSPM). As part of this configuration, you must provide the following information for your Azure environment to Arctic Wolf using the Arctic Wolf Portal:

Note: You must be an Arctic Wolf® Managed Risk customer to configure cloud scanning.

Register the application Direct link to this section

  1. Sign in to the Microsoft Azure Portal.

  2. Open the navigation menu, and then select Azure Active Directory.

  3. Select App registrations from the navigation pane.

  4. Select New registration to open the Register an application page.

  5. Enter a memorable name for the application in the Name text box.

  6. In the Supported Account types section, confirm that Accounts in this organizational directory only (<Organization-Name> only - Single Tenant) is selected.

    Note: Leave all other fields as their defaults.

  7. Click Register. This opens the page for the newly registered application.

  8. Record the Application (client) ID and Directory (tenant) ID values to provide to Arctic Wolf as part of Provide credentials to Arctic Wolf.

  9. In the navigation pane, under Manage, select Certificates & secrets.

  10. In the Client secrets section, select + New client secret, and then create the secret:

    1. Enter a meaningful description for the client secret.

    2. Select your desired option for the Expires field.

      Tip: You must submit updated credentials to Arctic Wolf before the credentials expire.

    3. Click Add.

  11. Verify that your new client secret appears in the Client secrets section, and then copy the Value field to a secure location. You must provide this value to Arctic Wolf as part of Provide credentials to Arctic Wolf.

Screenshot of the Certificates and Secrets page on the Microsoft Azure Portal. The Value field and text is highlighted by an orange box.

Note: Ensure that you copy the Value field before exiting the page, as this value is only viewable immediately after creation. Do not copy the Secret ID field.

Retrieve the subscription ID Direct link to this section

  1. From the navigation menu, select Subscriptions, and then select the subscription that you want Arctic Wolf to scan.

  2. Record the Subscription ID to provide to Arctic Wolf as part of Provide credentials to Arctic Wolf.

Add role assignments Direct link to this section

  1. From the All Services menu, select «Subscriptions.

  2. Select the subscriptions that you want to integrate with Arctic Wolf.

  3. Select Access control (IAM). and then select the Role assignments tab.

  4. Click Add, and then select Add role assignment.

  5. In the Role list, enter Security Reader, and then select that option.

  6. In the Select list, add the application that you created in Register the application.

    Note: Leave the Assign access to list with the default value.

  7. Click Save.

  8. Repeat steps 5-7 for the Log Analytics Reader role.

  9. Verify that the Role assignments tab lists the two roles that you created.

Provide credentials to Arctic Wolf Direct link to this section

  1. Sign in to the Arctic Wolf Portal.

  2. Select Connected Accounts in the banner menu to open the Connected Accounts page.

    Connected Accounts menu

  3. Select +Add Account to open the Add Account form.

  4. Select Cloud Security Posture Management as the Account Type.

  5. Select Azure, and then fill in the form:

  6. Select Submit to CST.

  7. When prompted with the confirmation message, review your submission, and then select Done. You are returned to the Connected Accounts page.

  8. Verify that the newly-submitted credential entry appears in the cloud services list with the status Connection Pending.

After your Concierge Security® Team adds this account to your scan configuration, the status of your credentials changes to Connected.