Guides
sevco.io

Azure Compute

Suggest Edits

About Microsoft Azure Compute

Often referred to as just Azure or Azure Compute, Microsoft Azure Compute is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through Microsoft-managed data centers. It provides software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS).

Why You Should Integrate Microsoft Azure

Integrating Microsoft Azure Compute provides you with an inventory of your Azure Compute virtual machines, enabling visibility and product coverage across your cloud assets.

How Does the Integration Work

This integration pulls information from Virtual Machines that satisfy the following criteria:

  • powered on VMs
  • VMs with uptime longer than 24 hours
  • VMs not within an availability set or scale set

⚠️

If you haven't already, please review our instructions for configuring the integration before proceeding with the instructions below.

Configuration Options

Device Filtering Options

OAuth

FieldDescriptionExample
Expires In*Specifies the number of seconds a token is active for before it expires120
Expires AtSpecifies the exact timestamp for when a token will expire in Unix epoch format1702414200
Token Type*Specifies the type of token being issuedBearer
ScopeUse this to list the permissions you would like to grant the token you are usingMicrosoft.HybridCompute/machines/read
API DomainSpecifies the base domain or endpoint of the API your token has permissions forhttps://management.azure.com
ext_expires_inSpecifies the number of seconds until a token expires, accounting for extended token lifetimes120
Access Token*The token used to authenticate API requestseyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMzQ1 Njc4OTAxMjM0NTY3ODkwIn0.eyJhdWQi OiJodHRwczovL2FwaS5leGFtcGxlLmNvb SIsInN1YiI6IjEyMzQ1Njc4OTAxMjM
ID TokenA JSON Web Token that contains information about the user account authenticating the integration such as their username and email.eyJhbGciOiJSUzI1NiIsImtpZCI6IjEyMz Q1Njc4OTAxMjM0NTY3ODkwIn0.eyJ2ZXIiOi IxLjAiLCJ0aWQiOiJkZGZmMmM3My1kZjEyL TQ3NTYtOWQ1ZS1hMjU2MzQ1NjQ3Y
Refresh TokenA token that allows you to obtain a new access token once your current one expires without needing to re-authenticate0.AQvBOhABkmTJsm9swPgxXmAzbG99bQ fXKIdI7fqdyhwZ5mGpAAA.AgABAAAAAAD-- DLA3VO7QrddgJg7WevrAgDnrNNUYJdG5h C_yDE7zBQ7HQl-AAA.AQABAAAAAAD--DLA3VO7QrddgJg7WevrAgDAhfLREPb5y tF0ITqT82TZAAA
Include Availability SetBy default, availability sets are not pull in order to reduce the likelihood of duplicate records. By selecting this you will pull in all VMs associated with Availability Setsn/a
Include Machine Scale SetBy default, Machine Scale Sets are not pull in order to reduce the likelihood of duplicate records. By selecting this you will pull in all VMs associated with Machine Scale Setsn/a

External Documentation

Creating Credentials

See platform documentation for details on creating an application Microsoft Azure - Creating credentials

Required Permissions

To access Azure Compute resources in your subscription, you must assign a role to the application. When assigning a role you can utilize a built-in role or create a custom role with only the specific permissions required to access Azure Compute resources.

Built-in Role

  • Virtual Machine Contributor or Global Reader.

Follow the link for steps on how to assign a role to the application

Custom Role

  • Microsoft.Compute/availabilitySets/read
  • Microsoft.Compute/virtualMachines/instanceView/read
  • Microsoft.Resources/subscriptions/resourceGroups/read
  • Microsoft.Compute/virtualMachines/read
  • Microsoft.Network/networkInterfaces/read
  • Microsoft.Network/networkInterfaces/ipconfigurations/read
  • Microsoft.Network/publicIPAddresses/read
  • Microsoft.Network/publicIPAddresses/dnsAliases/read

After creating the application in the Microsoft Azure - Creating credentials steps, you will need to Create or update Azure custom roles using the Azure portal. Use the following example for assigning the appropriate permissions.

{
    "id": "<role definition ID>",
    "properties": {
        "roleName": "<Role Name>",
        "description": "",
        "assignableScopes": [
            "<Subscription ID>"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Compute/availabilitySets/read",
                    "Microsoft.Compute/virtualMachines/instanceView/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Network/networkInterfaces/read",
                    "Microsoft.Network/networkInterfaces/ipconfigurations/read",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Network/publicIPAddresses/dnsAliases/read"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}

Once the custom role is created you can then follow the link for steps on how to assign a role to the application.

Contact Us

If you're having problems integrating a source, or if you've found something wrong in this document, please email us at support@sevco.io.

Updated 30 days ago