Microsoft Azure
Creating an app with permissions in Microsoft Azure AD
- Adding a new app
  - Go to your Azure Active Directory.
  - Click on App Registrations under Manage.
  - Click on New Registration.
  - Fill in a valid Name and Redirect URI (which is optional) in the given fields. The preferred URL is http://localhost. Kindly leave the rest of the fields unchanged.
  - Click on Register and a new app with the entered details is created.
![Adding an App](../images/help/adding-an-app.png)
![register-on-application](../images/help/register-on-application.png)
- Assigning the necessary permissions to the app designated for Cloud Security Plus
  - Go to the Subscriptions tab in the main menu.
  - Choose the subscription you wish to monitor.
  - Select Access control (IAM).
  - Click on Add and click on the Add Role Assignment tab below.
  - Choose the necessary role from the given list. The minimum permission required for Cloud Security Plus to collect logs is Reader.
  - Search for the App created in the Select field and select the App.
  - Click on Save.
![giving-necessory-permission](../images/help/giving-necessory-permission.png)
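To confirm the role assignment made above, the following added example (not part of the Cloud Security Plus documentation or product) checks an exported list of the app's role assignments and reports whether Reader is present on the monitored subscription and whether the app holds anything beyond it. It assumes the export came from `az role assignment list --assignee <application-id> --all -o json`; the app name `csp-log-reader` and all IDs are constructed placeholders.

```python
import json

# Constructed sample in the JSON shape printed by `az role assignment list -o json`
# for one service principal; every ID and name below is a placeholder.
SUB = "00000000-0000-0000-0000-000000000001"
SAMPLE = json.dumps([
    {"principalName": "csp-log-reader", "roleDefinitionName": "Reader",
     "scope": f"/subscriptions/{SUB}"},
    {"principalName": "csp-log-reader", "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-demo"},
    {"principalName": "csp-log-reader", "roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
])

def audit_assignments(raw_json, subscription_id, minimum_role="Reader"):
    """Return (has_minimum_role, findings) for the app's role assignments.

    findings lists every assignment other than the minimum role at the
    monitored subscription, as (role, scope, reason) tuples.
    """
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    has_minimum, findings = False, []
    for item in json.loads(raw_json):
        role, scope = item["roleDefinitionName"], item["scope"]
        norm = scope.rstrip("/").lower()  # Azure scopes compare case-insensitively
        if norm == sub_scope:
            if role == minimum_role:
                has_minimum = True
            else:
                findings.append((role, scope, "role other than the minimum at the subscription"))
        elif norm.startswith(sub_scope + "/"):
            findings.append((role, scope, "extra assignment inside the subscription"))
        elif norm.startswith("/subscriptions/"):
            findings.append((role, scope, "assignment on a different subscription"))
        else:
            findings.append((role, scope, "inherited from a broader scope"))
    return has_minimum, findings

if __name__ == "__main__":
    ok, extra = audit_assignments(SAMPLE, SUB)
    print("Reader at subscription:", ok)
    for role, scope, reason in extra:
        print(f"review: {role} on {scope} ({reason})")
```
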
Enter Azure AD credentials in the Cloud Security Plus console
- Click on the Settings tab.
- Select the Cloud Type as Azure.
- Enter a Display name in the given box.
- Enter the following details to enable Cloud Security Plus to start collecting Azure activity logs.
![logging-setup-azure](../images/help/logging-setup-azure.png)
Domain name of Azure Active Directory.
- To view the domain name, go to Azure Active Directory. Under Overview, you can find your Domain Name.
![domain-name-azure-active-directory](../images/help/domain-name-azure-active-directory.png)
Application ID of the app
- To view the application ID, go to Azure Active Directory → App registrations.
- Select the app that you have designated for Cloud Security Plus.
- The Application ID of the app appears in the top-right under Essentials.
- Copy the Application ID.
![adding-an-application](../images/help/adding-an-application.png)
Secret key of the app
- To view the Secret Key, go to Azure Active Directory → App Registrations.
- Select the designated app for Cloud Security Plus.
- Click on Certificates & Secrets.
- Under Client Secrets, go to New Client Secret.
- Enter the Description and fill in the date of Expiry. Please ensure that the date of expiry is set as "Never".
- Click on Save.
- Copy the Value of the Client secret that is created. This is the Secret Key.
![azure-secret-key](../images/help/azure-secret-key.png)
Subscription ID of Azure Active Directory
- To view the subscription ID, go to Subscriptions and copy the subscription ID.