Microsoft Azure CSPM — Manual Configuration
Updated Nov 2, 2023Configure Microsoft Azure for Arctic Wolf CSPM manually
You can manually configure Azure® for Arctic Wolf® Cloud Security Posture Management (CSPM).
Requirements
- Access to the Microsoft Entra ID (formerly Azure AD) admin center
Steps
- Register the application.
- Retrieve the subscription ID.
- Add role assignments.
- Provide your Azure credentials to Arctic Wolf.
Step 1: Register the application
-
Sign in to the Microsoft Entra ID (formerly Azure AD) admin center.
-
In the navigation menu, click Microsoft Entra ID (Azure AD) > App registrations.
-
Click + New registration.
-
Configure these settings:
- Name — Enter a name for the application.
- Supported Account Types — Select the Accounts in this organizational directory only (<Organization-Name> only - Single Tenant) checkbox.
- For all other fields, keep the default values.
-
Click Register.
The page for the newly registered application opens.
-
Copy the Application (client) ID and Directory (tenant) ID values, and then save them in a safe, encrypted location. You will provide them to Arctic Wolf later.
-
In the navigation menu, click Manage > Certificates & secrets.
-
In the Client secrets section, click + New client secret, and then configure these settings:
- Description — Enter a description for the client secret.
- Expires — Select an expiration date for the client secret.
-
Click Add.
-
On the Client secrets tab, verify that your new client secret appears.
-
Copy the Value value, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.
Notes:
- The Value value is only available immediately after creation. Do not exit the Certificates & Secrets page until the value is saved in a safe, encrypted location.
- The Value value is the secret ID or client secret. You will provide the value to Arctic Wolf later. You do not need to copy the Secret ID field.
- You must submit the updated client secret credentials to Arctic Wolf before the credentials expire.
Step 2: Retrieve the subscription ID
- In the navigation menu, click Subscriptions.
- Select the subscription that you want Arctic Wolf to scan.
- Copy the Subscription ID, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.
Step 3: Add role assignments
-
In the All Services menu, click «Subscriptions.
-
Select the subscriptions that you want to integrate with Arctic Wolf.
-
Click Access control (IAM).
-
Click the Role assignments tab.
-
Click Add, and then click Add role assignment.
-
For the both Security Reader and Log Analytics Reader roles, complete these steps:
-
In the Role list, in the search bar, enter the role name.
-
In the search results, select the role name.
-
In the Select list, add the application that you created in Register the application.
Note: In the Assign access to list, keep the default value.
-
Click Save.
-
-
In the Role assignments tab, verify that both Security Reader and Log Analytics Reader are listed.
Step 4: Provide your Azure credentials to Arctic Wolf
-
Sign in to the Arctic Wolf Unified Portal.
-
In the menu bar, click Telemetry Management > Connected Accounts.
-
Click Add Account +.
-
On the Add Account page, in the Account Type list, select Cloud Security Posture Management.
-
In the Cloud Services list, select Azure CSPM.
-
On the Add Account page, configure these settings:
- Account Name — Enter a unique and descriptive name for the account.
- Directory ID — Enter the Directory (tenant) ID value from Register the application.
- Application ID — Enter the Application (client) ID value from Register the application.
- Subscription ID — Enter the Subscription ID value from Retrieve the subscription ID.
- Secret Key — Enter the Client Secret value from Register the application.
- Credential Expiry — (Optional) Enter the expiration date if the credentials have an expiry date.
-
Click Test and submit credentials.
After your Concierge Security® Team (CST) adds this account to your scan configuration, the connected account changes to Healthy.