Microsoft Azure CSPM — Manual Configuration

Updated Nov 2, 2023

Configure Microsoft Azure for Arctic Wolf CSPM manually

You can manually configure Azure® for Arctic Wolf® Cloud Security Posture Management (CSPM).

Requirements

Steps

  1. Register the application.
  2. Retrieve the subscription ID.
  3. Add role assignments.
  4. Provide your Azure credentials to Arctic Wolf.

Step 1: Register the application

  1. Sign in to the Microsoft Entra ID (formerly Azure AD) admin center.

  2. In the navigation menu, click Microsoft Entra ID (Azure AD) > App registrations.

  3. Click + New registration.

  4. Configure these settings:

    • Name — Enter a name for the application.
    • Supported Account Types — Select the Accounts in this organizational directory only (<Organization-Name> only - Single Tenant) checkbox.
    • For all other fields, keep the default values.
  5. Click Register.

    The page for the newly registered application opens.

  6. Copy the Application (client) ID and Directory (tenant) ID values, and then save them in a safe, encrypted location. You will provide them to Arctic Wolf later.

  7. In the navigation menu, click Manage > Certificates & secrets.

  8. In the Client secrets section, click + New client secret, and then configure these settings:

    • Description — Enter a description for the client secret.
    • Expires — Select an expiration date for the client secret.
  9. Click Add.

  10. On the Client secrets tab, verify that your new client secret appears.

    Screenshot of the Certificates and Secrets page on the Microsoft Azure Portal. The Value field and text is highlighted by an orange box.
  11. Copy the Value value, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

    Notes:

    • The Value value is only available immediately after creation. Do not exit the Certificates & Secrets page until the value is saved in a safe, encrypted location.
    • The Value value is the secret ID or client secret. You will provide the value to Arctic Wolf later. You do not need to copy the Secret ID field.
    • You must submit the updated client secret credentials to Arctic Wolf before the credentials expire.

Step 2: Retrieve the subscription ID

  1. In the navigation menu, click Subscriptions.
  2. Select the subscription that you want Arctic Wolf to scan.
  3. Copy the Subscription ID, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Step 3: Add role assignments

  1. In the All Services menu, click «Subscriptions.

  2. Select the subscriptions that you want to integrate with Arctic Wolf.

  3. Click Access control (IAM).

  4. Click the Role assignments tab.

  5. Click Add, and then click Add role assignment.

  6. For the both Security Reader and Log Analytics Reader roles, complete these steps:

    1. In the Role list, in the search bar, enter the role name.

    2. In the search results, select the role name.

    3. In the Select list, add the application that you created in Register the application.

      Note: In the Assign access to list, keep the default value.

    4. Click Save.

  7. In the Role assignments tab, verify that both Security Reader and Log Analytics Reader are listed.

Step 4: Provide your Azure credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. In the menu bar, click Telemetry Management > Connected Accounts.

  3. Click Add Account +.

  4. On the Add Account page, in the Account Type list, select Cloud Security Posture Management.

  5. In the Cloud Services list, select Azure CSPM.

  6. On the Add Account page, configure these settings:

    • Account Name — Enter a unique and descriptive name for the account.
    • Directory ID — Enter the Directory (tenant) ID value from Register the application.
    • Application ID — Enter the Application (client) ID value from Register the application.
    • Subscription ID — Enter the Subscription ID value from Retrieve the subscription ID.
    • Secret Key — Enter the Client Secret value from Register the application.
    • Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
  7. Click Test and submit credentials.

After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.

See also