Configure Microsoft Azure for Arctic Wolf CSPM manually

You can manually configure Azure® for Arctic Wolf® Cloud Security Posture Management (CSPM).

These actions are required:

  • Access to the Microsoft Entra ID admin center

Register the application

  1. Sign in to the Microsoft Azure portal.
  2. In the portal menu, click Microsoft Entra ID.
    Note: If Microsoft Entra ID is not in your portal menu, click All services, and then click Hybrid + multicloud. Locate the entry for Microsoft Entra ID, and then click to add it as a favorite.
  3. In the navigation menu, click Manage > App registrations.
  4. Click + New registration.
  5. Configure these settings:
    • Name — Enter a name for the application.
    • Supported Account Types — Select the Accounts in this organizational directory only (<Organization-Name> only - Single Tenant) checkbox.
    • For all other fields, keep the default values.
  6. Click Register.

    The page for the newly registered application opens.

  7. Copy the Application (client) ID and Directory (tenant) ID values, and then save them in a safe, encrypted location. You will provide them to Arctic Wolf later.
  8. In the navigation menu, click Manage > Certificates & secrets.
  9. In the Client secrets section, click + New client secret, and then configure these settings:
    • Description — Enter a description for the client secret.
    • Expires — Select an expiration date for the client secret.
  10. Click Add.
  11. On the Client secrets tab, verify that your new client secret appears.

    Screenshot of the Certificates and Secrets page on the Microsoft Azure Portal. The Value field and text is highlighted by an orange box.

  12. Copy the Value value to a safe, encrypted location.
    You will provide it to Arctic Wolf later.
    Note:
    • The Value value is only available immediately after creation. Do not exit the Certificates & Secrets page until the value is saved in a safe, encrypted location.
    • The Value value is the Client Secret Value that you must provide to Arctic Wolf later. It is not necessary to copy the Secret ID field.
    • You must provide the updated client secret credentials to Arctic Wolf before the credentials expire.

Retrieve the subscription ID

  1. In the navigation menu, click Subscriptions.
  2. Select the subscription that you want Arctic Wolf to scan.
  3. Copy the Subscription ID, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Add role assignments

  1. In the All Services menu, click «Subscriptions.
  2. Select the subscriptions that you want to integrate with Arctic Wolf.
  3. Click Access control (IAM).
  4. Click the Role assignments tab.
  5. Click + Add > Add role assignment.
  6. On the Add role assignment page, complete these steps:
    1. Search for and select Security Reader from the Role list.
    2. Click Next.
    3. Click + Select Members.
    4. Search for and select the name of the application you created in Register the application.
    5. Click Select.
    6. Click Review + assign twice.
    7. Repeat these steps for the Log Analytics Reader role.
  7. In the Role assignments tab, verify that both Security Reader and Log Analytics Reader are listed.

Provide your Azure credentials to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Data Collection > Cloud Scanners.
  3. Click + Add Account.
  4. Click Azure.
  5. Click Next: Add Account Information.
  6. Configure these settings:
  7. Click Submit.
    A ticket is created so that your Concierge Security® Team (CST) can finalize the configuration of the account. At any time, you can click Tickets & Alerts to view the status of your ticket in the Unified Portal.