Azure Integration
Integration guide for Resmo Azure Integration.
Resmo seamlessly integrates with Azure to ensure the security and compliance of your Azure environment.
- Collect all your Azure assets in place.
- Query your networks, storage, virtual machines, and 50+ other resources.
- Set up rule notifications based on Azure resource configurations and their changes.
- Set up custom or predefined rules for continuous security and compliance auditing.
- Check your Azure security and compliance posture using the Azure Best Practices and compliance packs.
Resmo has an Azure integration that you can install securely once you sign up for a Resmo account. Our application uses API calls to make the initial polling and receive existing resources.
Resmo Azure integration collects Network, Compute, Storage, and much more.
- Find Security Center subscriptions per tier
- Detect virtual networks without DDoS protection
- Identify virtual network VM protection
- List DNS zones with public access
- See network security groups without subnets
- List subscriptions managed by other tenants
>
az ad sp create-for-rbac --role Reader
Example Output:
{
"appId": "###appId###", // Client Id
"displayName": "azure-cli-2022-04-13-14-04-21",
"password": "#####", // Client Secret
"tenant": "###tenantId###" // Tenant Id
}- 1.Find objectId of the principal
az ad sp show --id ###appId### --query objectId - 2.Give your key vault read permission access to the created service principal with objectId
az keyvault set-policy --name ###vaultName### \ --object-id ###objectId### --secret-permissions get list \ --key-permissions get list --certificate-permissions get list
az role assignment create --assignee ###appId### --role Reader --scope /subscriptions/###subscriptionId###How to install
- 1.Sign up or log in to your Resmo account.
- 2.Go to the Integrations page, click on Add Integration, and select Azure.
- 3.Name the integration and write a description (optional.)
- 4.
5. Hit the create button, and you are ready to run queries.
- 1.Login to your Resmo account.
- 2.Navigate to the Integrations page and click your Azure integration.
- 3.Click the Delete button to uninstall or Disable to stop polling Azure resources temporarily.
- 4.(Optional) Delete the created Service Principal from App Registrations on your Azure Portal.
- Check your Service Principal's rights on your Azure Portal
- Be ensure your account have privileges to create Service Principal
If it is still not ready, delete the integration and create from scratch with following steps via creating new Service Principal.
You will see
Not Ready state for your integration after a while. To fix the problem you need to visit the setup steps and recreate the necessary resources for your account. After updating your integration you will see your integration became ready to poll resources.It may cause from two different scenario:
- The created service principal app does not have right for fetching the related resource. Have a look at permissions of your Service Principal. Creating new integration and service principle may fix the problem immediately.
- The resource may not be in your default subscription, you can try adding other subscriptions to the created Service Principle with this command:For giving access for other subscriptions of the Tenant (OPTIONAL)
Last modified 3mo ago