Microsoft Azure

Overview

Microsoft Azure cloud platform is more than 200 products and cloud services designed to help you bring new solutions to life—to solve today’s challenges and create the future. Build, run, and manage applications across multiple clouds, on-premises, and at the edge, with the tools and frameworks of your choice.

Available Integrations

The following Microsoft Azure services can be integrated with the Sevco platform:

| Service | Supported Asset Type(s) | Integration Type |
|---|---|---|
| Active Directory | Devices, Users | Source |
| Compute | Devices | Source |

⚠️ Please review the configuration instructions in the section below before setting up permissions for apps.

Configuration

  1. Choose a Schema: A schema is a configuration template that defines a specific way to connect, authenticate, and interact with a source. The following schemas are available:
  • Client ID/Secret with Domain: Will retrieve AD objects using a client ID/secret and additional domain identifier.
  • Client ID/Secret with Domain and Region: Will retrieve AD objects using a client ID/secret and additional domain and region identifiers.
  • OAuth2: Will retrieve AD objects using OAuth2 authentication. Note: OAuth2 will require re-authentication every 90 days, requiring you to edit and re-activate the source.
  2. Configure the Access Schema:

Client ID/Secret with Domain

| Field | Description | Example |
|---|---|---|
| Application ID* | The Application (client) ID of the app created for access. | 00000000-0000-0000-0000-000000000000 |
| Directory ID* | The Directory (tenant) ID of the associated domain | 11111111-1111-1111-1111-111111111111 |
| Client Secret* | The value of the app's client secret created to authenticate with the source. | *********************** |

Client ID/Secret with Domain and Region

| Field | Description | Example |
|---|---|---|
| Azure Region* | The Region associated with your instance of Azure. | public |
| Application ID* | The Application (client) ID of the app created for access. | 00000000-0000-0000-0000-000000000000 |
| Directory ID* | The Directory (tenant) ID of the associated domain | 11111111-1111-1111-1111-111111111111 |
| Client Secret* | The value of the app's client secret created to authenticate with the source. | *********************** |

OAuth2 with asset filtering

Note: You will be redirected to authenticate via OAuth. Log in with your Microsoft credentials and accept the permission request. Once you authenticate, you will be redirected back to the integrations page.

  1. Add new integration: Select which integration(s) you wish to add. See links for details on additional configuration required.

  2. Configure General Information: OPTIONAL: You can set the following fields to give platform configuration

| Field | Description | Example |
|---|---|---|
| Name (optional) | Uniquely identifiable attribute of the configuration, used to distinguish it from other similar configurations within the existing organization | DMZ network |
| Contact Person (optional) | A placeholder to input a name or email address of a contact associated with the integration. | Jane Doe |
| Link to Console (optional) | A placeholder to input a link to the console of the product Sevco is integrating with, for quick reference and access when configuring or editing the integration. | www.product.com/devices |

  3. Activate Config: To enable this configuration and begin pulling data, select "Activate".

External Documentation

Creating credentials

You'll be asked to provide source credentials that Sevco will use to connect to MS Azure.

OAuth2 with asset filtering

Use an existing MS Azure AD account with admin permissions authorized to grant permissions defined in the Required Permissions - OAuth2 with asset filtering section below.

Client ID/Secret with asset filtering

You'll be asked to provide a client secret that Sevco will use to connect to Microsoft Azure AD. This will require the creation of an application in Azure in order to provide API-based access. The following steps will walk you through creating a registered application and identify the necessary values to record for configuration.

NOTE: Be sure to enter the App Secret Value, not the Secret ID, when configuring the plugin. This value is only available upon first

Required permissions

See the integration-specific documentation for details.

| Integration | Permission | Admin consent required |
|---|---|---|
| Collect devices from Azure AD | Device.Read.All | Yes |
| Collect Users from Azure AD | User.Read.All | Yes |
| Collect Devices from Azure Compute | Microsoft.Compute/availabilitySets/read | n/a - A service principal account is required. Please see Collect Devices from Azure Compute for details. |
| | Microsoft.Compute/virtualMachines/instanceView/read | |
| | Microsoft.Resources/subscriptions/resourceGroups/read | |
| | Microsoft.Compute/virtualMachines/read | |
| | Microsoft.Network/networkInterfaces/read | |
| | Microsoft.Network/networkInterfaces/ipconfigurations/read | |
| | Microsoft.Network/publicIPAddresses/read | |
| | Microsoft.Network/publicIPAddresses/dnsAliases/read | |
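
An added example, not part of Sevco's documentation: a small Python audit that compares what was actually granted to the integration against the permissions in the table above, so excess grants are caught before the source is activated. It assumes the app-only access token is a JWT whose `roles` claim lists the granted application permissions and that the custom role has the JSON shape printed by `az role definition list`; the sample token, role and role name are constructed.

```python
import base64
import json

# Permissions copied from the "Required permissions" table on this page.
GRAPH_REQUIRED = {"Device.Read.All", "User.Read.All"}
COMPUTE_REQUIRED = {
    "Microsoft.Compute/availabilitySets/read",
    "Microsoft.Compute/virtualMachines/instanceView/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Compute/virtualMachines/read",
    "Microsoft.Network/networkInterfaces/read",
    "Microsoft.Network/networkInterfaces/ipconfigurations/read",
    "Microsoft.Network/publicIPAddresses/read",
    "Microsoft.Network/publicIPAddresses/dnsAliases/read",
}

def token_roles(jwt):
    """Return the 'roles' claim of an app-only token (inspection only, no signature check)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def role_actions(role_definition):
    """Collect allowed actions from a role definition (assumed az CLI JSON shape)."""
    return {a for p in role_definition.get("permissions", []) for a in p.get("actions", [])}

def audit(granted, required):
    """Exact-match comparison: a wildcard grant is reported as excess, not expanded."""
    return {"missing": sorted(required - granted), "excess": sorted(granted - required)}

def _sample_jwt(claims):
    """Build a constructed, unsigned token so the demo runs offline."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none"}), seg(claims), "constructed"])

# Constructed sample inputs: an over-privileged app and a role using a wildcard.
SAMPLE_TOKEN = _sample_jwt(
    {"roles": ["Device.Read.All", "User.Read.All", "Directory.ReadWrite.All"]})
_DNS = "Microsoft.Network/publicIPAddresses/dnsAliases/read"
SAMPLE_ROLE = {"roleName": "hypothetical-sevco-compute-reader", "permissions": [
    {"actions": sorted(COMPUTE_REQUIRED - {_DNS}) + ["Microsoft.Compute/*"], "notActions": []}]}

if __name__ == "__main__":
    print("Graph:  ", audit(token_roles(SAMPLE_TOKEN), GRAPH_REQUIRED))
    print("Compute:", audit(role_actions(SAMPLE_ROLE), COMPUTE_REQUIRED))
```

A non-empty `excess` list means the app registration or role grants more than the integration needs; a non-empty `missing` list means collection for that asset type is likely to fail.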

API Documentation

Microsoft Graph documentation

Contact Us

If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].

Tags: cloud, directory service