sevco.io

Azure Compute

Suggest Edits

About Microsoft Azure Compute

Often referred to as just Azure or Azure Compute, Microsoft Azure Compute is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers. It provides software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).

Why You Should Integrate Microsoft Azure

Integrating Microsoft Azure Compute provides you with an inventory of your Azure Compute virtual machines, enabling visibility and product coverage across your cloud assets.

How Does the Integration Work

This integration pulls information from Virtual Machines that satisfy the following criteria:

  • powered on VMs
  • VMs with uptime longer than 24 hours
  • VMs not within an availability set or scale set

Configuration Options

Device Filtering Options

FieldDescripitionExample
Include Availability SetBy default, availability sets are not pull in order to reduce the likelihood of duplicate records. By selecting this you will pull in all VMs associated with Availability Setsn/a
Include Machine Scale SetBy default, Machine Scale Sets are not pull in order to reduce the likelihood of duplicate records. By selecting this you will pull in all VMs associated with Machine Scale Setsn/a

External Documentation

Creating Credentials

See platform documentation for details on creating an application Microsoft Azure - Creating credentials

Required Permissions

To access Azure Compute resources in your subscription, you must assign a role to the application. When assigning a role you can utilize a built-in role or create a custom role with only the specific permissions required to access Azure Compute resources.

Built-in Role

  • Virtual Machine Contributor or Global Reader.

Follow the link for steps on how to assign a role to the application

Custom Role

  • Microsoft.Compute/availabilitySets/read
  • Microsoft.Compute/virtualMachines/instanceView/read
  • Microsoft.Resources/subscriptions/resourceGroups/read
  • Microsoft.Compute/virtualMachines/read
  • Microsoft.Network/networkInterfaces/read
  • Microsoft.Network/networkInterfaces/ipconfigurations/read
  • Microsoft.Network/publicIPAddresses/read
  • Microsoft.Network/publicIPAddresses/dnsAliases/read

After creating the application in the Microsoft Azure - Creating credentials steps, you will need to Create or update Azure custom roles using the Azure portal. Use the following example for assigning the appropriate permissions.

{
    "id": "<role definition ID>",
    "properties": {
        "roleName": "<Role Name>",
        "description": "",
        "assignableScopes": [
            "<Subscription ID>"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Compute/availabilitySets/read",
                    "Microsoft.Compute/virtualMachines/instanceView/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Network/networkInterfaces/read",
                    "Microsoft.Network/networkInterfaces/ipconfigurations/read",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Network/publicIPAddresses/dnsAliases/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

Once the custom role is created you can then follow the link for steps on how to assign a role to the application.

Contact Us

If you're having problems integrating a source, or if you've found something wrong in this document, please email us at [email protected].

Updated 7 months ago