To enable USM Anywhere to monitor your Microsoft Azure subscription, you must create an application that grants permission to USM Anywhere to fetch data using the Azure software development kit (SDK) and Azure REST API. USM Anywhere requires the following credentials:
|Azure Credential|USM Anywhere Field Name|
|---|---|
|azure_tenant_id|Azure Tenant ID|
|azure_subscription_id|Azure Subscription ID|
|azure_application_id|Azure Application ID|
|azure_application_key|Azure Application Key|
If you're a Windows OS user, you can create the application in one of two ways:
- Using a PowerShell script, which is available through the USM Anywhere Setup wizard.
- Manually, within your Azure subscription.
If you're not a Windows OS user, you must create the application manually from your Azure subscription.
Important: You must have global administrator privileges to create an application and obtain credentials.
The subscription ID is required when you complete the Azure Credentials step of the sensor setup in USM Anywhere.
To get the Azure subscription ID
- Log in to the Microsoft Azure console (https://portal.azure.com).
- From the Azure Dashboard, select your subscription.
- From the Subscription page, copy your Subscription ID and save it somewhere that you can access later.
To allow USM Anywhere to access Azure resources, you must set up an Azure Active Directory (AD) application: complete the standard Azure procedure for adding a new application registration, and then either upload a certificate or create a client secret for that registration.
- Go to Azure Active Directory > App registrations > New registration.
- Enter a name for the application and select the desired account type.
- Enter the redirect URI if required.
- Click Register.
Once you have completed the registration, create a client secret (or upload a certificate) by following the process listed in the Microsoft documentation. The secret's Value, displayed in the Azure portal immediately after you save it, is the Azure Application Key. Copy it at that moment: the portal never shows the value again, and if you lose it you must create a new secret. Client secrets also carry an expiry date, so record it and rotate the key before the secret expires or the sensor will stop collecting.
As you add and configure the new application, you will need its application (client) ID, directory (tenant) ID, and object ID. The application (client) ID is the Azure Application ID and the directory (tenant) ID is the Azure Tenant ID that you enter in the Azure Credentials step of the sensor setup in USM Anywhere.
To locate the IDs, go to Azure Active Directory > App registrations, select the new application you created, and read them from its Overview page.
If you want to use USM Anywhere to monitor all of your Azure resources, you should associate it with your Azure subscription as a whole.
To associate the application with the entire subscription
- Log in to the new Azure portal (https://portal.azure.com).
- Go to More Services > Subscriptions, locate the subscription, and select it.
- Select Access control (IAM) in the navigation list. This opens a new blade that lists the role assignments that exist for the subscription.
- At the top of the blade, click Add (Add role assignment).
- Select the Reader role (recommended). Reader lets the service principal read the subscription's resources and fetch new Azure logs without being able to change anything.
Warning: The Contributor role is required if you choose to collect IIS, SQL Server, or Windows logs. Contributor can create and modify every resource in the subscription, so grant it only when that log collection needs it and keep Reader otherwise.
- Select the service principal you created previously to assign the role to the subscription.
- Click Save and OK.
You can now complete the Azure Credentials step of the USM Anywhere Sensor setup (see Azure Credentials).
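The whole procedure above (register the application, create the client secret, assign the role at subscription scope, collect the four credential values), scripted with the Az PowerShell module. This is an added example, not the PowerShell script the USM Anywhere Setup wizard provides and not code from the original page. It assumes Az.Accounts and Az.Resources 5.x or later (the Graph-based versions, whose New-AzADAppCredential returns the secret in SecretText), that you are signed in as an account allowed to register applications and assign subscription roles, and that the display name, secret lifetime, and retry count are your own choices.

```powershell
# Added example (not the USM Anywhere setup script): registers an Azure AD
# application for USM Anywhere with the Az PowerShell module and returns the
# four values the sensor's Azure Credentials step asks for.
# Assumptions: Az.Accounts and Az.Resources 5.x or later are installed, you
# are signed in with an account allowed to register applications and assign
# roles on the subscription, and the display name below is your own choice.

#Requires -Modules Az.Accounts, Az.Resources

param(
    [string]$DisplayName = 'USMAnywhere-Sensor',   # assumed name, change freely
    [string]$SubscriptionId,                       # empty = current context
    # Reader is enough for Azure logs. Use Contributor only if you will collect
    # IIS, SQL Server, or Windows logs: it grants write access to every
    # resource in the subscription.
    [ValidateSet('Reader', 'Contributor')]
    [string]$Role = 'Reader',
    [int]$SecretLifetimeMonths = 12
)

$ErrorActionPreference = 'Stop'

if (-not (Get-AzContext)) { Connect-AzAccount | Out-Null }
if ($SubscriptionId) { Set-AzContext -SubscriptionId $SubscriptionId | Out-Null }
$ctx = Get-AzContext
$SubscriptionId = $ctx.Subscription.Id
$tenantId = $ctx.Tenant.Id

# 1. App registration. Reuse one with the same name instead of creating a duplicate.
$app = Get-AzADApplication -DisplayName $DisplayName
if (-not $app) { $app = New-AzADApplication -DisplayName $DisplayName }

# 2. Service principal for the registration; this is what receives the role.
$sp = Get-AzADServicePrincipal -ApplicationId $app.AppId
if (-not $sp) { $sp = New-AzADServicePrincipal -ApplicationId $app.AppId }

# 3. Client secret. SecretText is returned only by this call and cannot be read
#    back later, so capture it now. It expires, so record the date and rotate.
$endDate = (Get-Date).AddMonths($SecretLifetimeMonths)
$cred = New-AzADAppCredential -ApplicationId $app.AppId -EndDate $endDate

# 4. Role assignment at subscription scope. A freshly created service principal
#    can take a few seconds to become visible to Azure RBAC, hence the retries.
$scope = "/subscriptions/$SubscriptionId"
$existing = Get-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $Role -Scope $scope
if (-not $existing) {
    $attempt = 0
    do {
        try {
            New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $Role -Scope $scope | Out-Null
            break
        } catch {
            $attempt++
            if ($attempt -ge 6) { throw }
            Start-Sleep -Seconds 10
        }
    } while ($true)
}

# 5. Verify the assignment landed before handing the credentials over.
$assigned = Get-AzRoleAssignment -ObjectId $sp.Id -Scope $scope |
    Where-Object RoleDefinitionName -eq $Role
if (-not $assigned) { throw "Role '$Role' was not assigned to $($sp.Id) at $scope" }

# Values for the USM Anywhere Azure Credentials step, in the order of the table
# at the top of the page. Treat the key like a password: paste it into the
# sensor setup and do not leave it in a transcript or log.
[pscustomobject]@{
    'Azure Tenant ID'       = $tenantId
    'Azure Subscription ID' = $SubscriptionId
    'Azure Application ID'  = $app.AppId
    'Azure Application Key' = $cred.SecretText
    'Key expires'           = $endDate.ToString('u')
}
```

Run it once per subscription. Rerunning reuses the existing registration, service principal, and role assignment but always mints a new secret, which is the intended way to rotate the Azure Application Key before the old one expires; delete the superseded secret in App registrations > Certificates & secrets once the sensor is using the new one. Pass `-Role Contributor` only when the IIS, SQL Server, or Windows log collection described in the warning above requires it.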