sevco.io

Microsoft Azure

Overview

Microsoft Azure cloud platform is more than 200 products and cloud services designed to help you bring new solutions to life—to solve today’s challenges and create the future. Build, run, and manage applications across multiple clouds, on-premises, and at the edge, with the tools and frameworks of your choice.

Available Integrations

The following Microsoft Azure services can be integrated with the Sevco platform:

ServiceSupported Asset Type(s)Integration Type
Active DirectoryDevices, UsersSource
ComputeDevicesSource

⚠️

Please review the configuration instructions in the section below before setting up permissions for apps.

Configuration

  1. Choose a Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with a source. The following are the available schemas
  • Client ID/Secret with Domain: Will retrieve AD objects using a client ID/secret and additional domain identifier.
  • Client ID/Secret with Domain and Region: Will retrieve AD objects using a client ID/secret and additional domain and region identifiers.
  • OAuth2: Will retrieve AD objects using OAuth2 authentication. Note: OAuth2 will require re-authentication every 90 days, requiring you to edit and re-activate the source.
  1. Configure the Access Schema:

Client ID/Secret with Domain

FieldDescriptionExample
Application ID*The Application (client) ID of the app created for access.00000000-0000-0000-0000-000000000000
Directory ID*The Directory (tenant) ID of the associated domain11111111-1111-1111-1111-111111111111
Client Secret*The value of the app's client secret created to authenticate with the source.***********************

Client ID/Secret with Domain and Region

Azure Region*The Region associated with your instance of Azure.public
Application ID*The Application (client) ID of the app created for access.00000000-0000-0000-0000-000000000000
Directory ID*The Directory (tenant) ID of the associated domain11111111-1111-1111-1111-111111111111
Client Secret*The value of the app's client secret created to authenticate with the source.***********************

OAuth2 with asset filtering

Note: You will be redirected to authenticate via OAuth. Log in with your Microsoft credentials and accept the permission request. Once you authenticate, you will be redirected back to the integrations page.

  1. Add new integration Select which integration(s) you wish to add. See links for details on additional configuration required.

  2. Configure General Information: OPTIONAL: You can set the following fields to give platform configuration

FieldDescriptionExample
Name (optional)Uniquely identifiable attribute of the configuration to delineate other similar configurations with the existing organizationDMZ network
Contact Person (optional)A placeholder to input a name or email address of a contact associated with the integration.Jane Doe
Link to Console (optional)A placeholder to input a link to the console of the product sevco is integrating with for quick reference and access when configuring or editing the integration.www.product.com/devices
  1. Activate Config: To enable this configuration and begin pulling data select "Activate".

External Documentation

Creating credentials

You'll be asked to provide source credentials that Sevco will use to connect to MS Azure.

OAuth2 with asset filtering

Use an existing MS Azure AD account with admin permissions authorized to grant permissions defined in the Required Permissions - OAuth2 with asset filtering section below.

Client ID/Secret with asset filtering

You'll be asked to provide a client secret that Sevco will use to connect to Microsoft Azure AD. This will require the creation of an application in Azure in order to provide API-based access. The following steps will walk you through creating a registered application and identify the necessary values to record for configuration.

NOTE: Ensure to input the App Secret Value, not the Secret ID when configuring the plugin. This value is only available upon first

Required permissions

See integration specific documentation for details

IntegrationPermissionAdmin consent required
Collect devices from Azure ADDevice.Read.AllYes
Collect Users from Azure ADUser.Read.AllYes
Collect Devices from Azure ComputeMicrosoft.Compute/availabilitySets/read
Microsoft.Compute/virtualMachines/instanceView/read
Microsoft.Resources/subscriptions/resourceGroups/read
Microsoft.Compute/virtualMachines/read
Microsoft.Network/networkInterfaces/read
Microsoft.Network/networkInterfaces/ipconfigurations/read
Microsoft.Network/publicIPAddresses/read
Microsoft.Network/publicIPAddresses/dnsAliases/read
n/a - A service principal account is required. Please see Collect Devices from Azure Compute for details.

API Documentation

Microsoft Graph documentation

Contact Us

If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].

Tags: cloud, directory service