Help Documentation

Cloud Security Posture Management

Microsoft Azure Manual Configuration

Updated Sep 27, 2023

Azure cloud environment scanning

You can manually configure Azure for Arctic Wolf® Cloud Security Posture Management (CSPM). For instructions on how to configure Azure using a Terraform script, see Azure CSPM Terraform Configuration.

Register the application

  1. Sign in to the Microsoft Azure Portal.

  2. Open the navigation menu, and then select Azure Active Directory.

  3. Select App registrations from the navigation pane.

  4. Select + New registration.

  5. Enter a memorable name for the application in the Name field.

  6. In the Supported Account types section, confirm that Accounts in this organizational directory only (<Organization-Name> only - Single Tenant) is selected.

    Note: Leave all other fields as their defaults.

  7. Click Register. This opens the page for the newly registered application.

  8. Record the Application (client) ID and Directory (tenant) ID values to provide to Arctic Wolf in a later step.

  9. In the navigation pane, under Manage, select Certificates & secrets.

  10. In the Client secrets section, select + New client secret, and then create the secret:

    1. Enter a meaningful description for the Client Secret.

    2. Select your desired option for the Expires field.

      Tip: You must submit updated credentials to Arctic Wolf before the credentials expire.

    3. Click Add.

  11. Verify that your new Client Secret appears in the Client secrets section, and then copy the Value field to a secure location. You must provide this value to Arctic Wolf later.

Screenshot of the Certificates and Secrets page on the Microsoft Azure Portal. The Value field and text is highlighted by an orange box.

Note: Ensure that you copy the Value field before exiting the page, as this value is only viewable immediately after creation. Do not copy the Secret ID field.

Retrieve the subscription ID

  1. From the navigation menu, click Subscriptions, and then click the subscription that you want Arctic Wolf to scan.

  2. Record the Subscription ID to provide to Arctic Wolf as part of Provide credentials to Arctic Wolf.

Add role assignments

  1. From the All Services menu, click «Subscriptions.

  2. Select the subscriptions that you want to integrate with Arctic Wolf.

  3. Click Access control (IAM), and then click the Role assignments tab.

  4. Click Add, and then click Add role assignment.

  5. In the Role list, enter Security Reader, and then select that option.

  6. In the Select list, add the application that you created in Register the application.

    Note: Leave the Assign access to list with the default value.

  7. Click Save.

  8. Repeat steps 5-7 for the Log Analytics Reader role.

  9. Verify that the Role assignments tab lists the two roles that you created.

Provide credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. In the menu bar, click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, from the Account Type list, select Cloud Security Posture Management.

  5. From the list of cloud services, select Azure CSPM.

  6. On the Add Account page, complete these steps:

    • Account Name — Enter a unique and descriptive name for the account.
    • In the Directory ID field, enter the Directory (tenant) ID value from Register the application.
    • In the Application ID field, enter the Application (client) ID value from Register the application.
    • In the Subscription ID field, enter the Subscription ID value from Retrieve the subscription ID.
    • In the Secret Key field, enter the Client Secret value from step 11 of Register the application.
    • Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.

  7. Click Test and Submit Credentials.

After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.