Microsoft Azure

Where do I find my Microsoft Azure credentials?

For Azure Cloud Scanning, Holm Cloud Scanner requires the following IDs from your Azure account:
  • Azure Application ID
  • Azure Key Value
  • Azure Directory ID
  • Azure Subscription ID

To obtain these values, you first need to create a new App registration in your Azure environment:

  1. Log in to your Azure Account through the Azure portal and navigate to the Azure Active Directory service.
  2. Click on Azure Active Directory > App registrations.

  3. Click on New registration.

  4. Enter a descriptive name for your app, e.g. "HolmScanner", in the Name field and take note of it.
  5. Leave the "Supported account types" default: "Accounts in this organizational directory only (YOURDIRECTORYNAME)."

  6. Click on Register.
  7. Now you will see both of the following:
    • Application (client) ID, which should be added to the field Azure Application ID
    • Directory (tenant) ID, which should be added to the field Azure Directory ID

  8. Click on Certificates & secrets.
  9. Under Client secrets, click on New client secret.

  10. Enter a Description, e.g. "HolmScanner-2023", and select an Expires value, e.g. "one year".

  11. Click on Add.
  12. Now you will see the client secret's value, which should be added to the field Azure Key Value.
    • The client secret value is shown only once. Make sure you store it safely.

Azure Subscription ID

  1. Navigate to Subscriptions.
  2. Click on the relevant Subscription > Overview.
  3. Now you will see the Subscription ID, which should be added to the field Azure Subscription ID.

  4. Done.

Adding IAM Permission for Scanning

  1. Navigate to Subscriptions.
  2. Click on Access Control (IAM).
  3. Go to the Role Assignments tab.
  4. Click Add, then Add role assignment.
  5. In the Role drop-down, select Security Reader.

  6. Leave the Assign access to default value.
  7. Click Add Members. In the Select drop-down, type the name of the app registration you created, e.g. "HolmScanner", and select it.

  8. Click Save.
  9. Repeat the process for the "Log Analytics Reader" role.
  10. Done!
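
To confirm afterwards that the app registration holds exactly the two read-only roles assigned above and nothing broader, the following added example (not part of the original article or of Holm Security's tooling) audits the JSON list produced by `az role assignment list --assignee <application-id> --all --output json`. The function name, the subscription ID and the sample records are constructed for illustration.

```python
# Roles the procedure above assigns to the scanner's app registration.
EXPECTED_ROLES = {"Security Reader", "Log Analytics Reader"}


def audit_assignments(assignments, subscription_id):
    """Compare a principal's role assignments with the expected ones.

    `assignments` is the parsed JSON list from `az role assignment list`;
    each record carries `roleDefinitionName` and `scope`.
    Returns (missing, unexpected):
      missing    - expected roles not found at subscription scope
      unexpected - (role, scope) pairs that are anything else, e.g. a
                   write-capable role or an assignment at another scope
    """
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    found, unexpected = set(), []
    for record in assignments:
        role = record.get("roleDefinitionName", "")
        scope = record.get("scope", "")
        if role in EXPECTED_ROLES and scope.rstrip("/").lower() == sub_scope:
            found.add(role)
        else:
            unexpected.append((role, scope))
    return sorted(EXPECTED_ROLES - found), unexpected


# Constructed sample input (placeholder subscription ID, not real output).
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = [
    {"roleDefinitionName": "Security Reader",
     "scope": f"/subscriptions/{SUB}",
     "principalType": "ServicePrincipal"},
    # Over-privileged leftover: a write-capable role on a resource group.
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-demo",
     "principalType": "ServicePrincipal"},
]

if __name__ == "__main__":
    missing, unexpected = audit_assignments(SAMPLE, SUB)
    for role in missing:
        print(f"MISSING    {role} at /subscriptions/{SUB}")
    for role, scope in unexpected:
        print(f"UNEXPECTED {role} at {scope}")
```

An empty result for both lists means the scanner identity matches the least-privilege setup described in this article.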