Microsoft Azure

Where do I find my Microsoft Azure credentials?

These are the credentials you need to use Cloud scanning for Azure:
  • Azure Application ID
  • Azure Key Value
  • Azure Directory ID
  • Azure Subscription ID

To obtain these values, you must first create a new App registration in your Azure environment. To do this, follow these steps:

  1. Log in to your Azure Account through the Azure portal and navigate to the Azure Active Directory service.
  2. Click on Azure Active Directory > App registrations.


  3. Click on New Registration.


  4. Enter a descriptive name for your app in the Name field, e.g., "Holm Security Scanner."
  5. Leave Supported account types at the default: Accounts in this organizational directory only ([your directory name]).


  6. Click on Register.
  7. You will now see both of the following:
    • Application (client) ID, which should be added to the Azure Application ID field.
    • Directory (tenant) ID, which should be added to the Azure Directory ID field.
  8. Click on Certificates & secrets.
  9. Under Client Secrets, click on New Client Secret.


  10. Enter a Description, e.g., "Holm Security Scanner," and select a value for Expires, e.g., "one year."


  11. Click on Add.
  12. You will now see the client secret value, which should be added to the Azure Key Value field.
    • The client secret value appears only once. Make sure you store it safely.


Azure Subscription ID

To find the Subscription ID, review this article by Microsoft:
https://learn.microsoft.com/en-us/azure/azure-portal/get-subscription-tenant-id


Adding IAM Permission for Scanning

  1. Navigate to Subscriptions.
  2. Click on Access Control (IAM).
  3. Go to the Role Assignments tab.
  4. Click Add > Add role assignment.
  5. In the Role drop-down, select Security Reader.


  6. Leave Assign access to at the default value.
  7. Click Add Members; in the Select drop-down, type the name of the app registration, e.g., "Holm Security Scanner," and select it.


  8. Click Save.
  9. Repeat the process for the Log Analytics Reader role.
  10. Done!
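
To confirm that the app registration ended up with exactly the two roles assigned above and nothing broader, the following added example (not part of the original guide and not Holm Security code) audits the JSON printed by `az role assignment list --assignee <Application ID> --all --output json`. The subscription ID and the sample assignments are constructed placeholders, and `audit_assignments` is a hypothetical helper name.

```python
import json

# Roles the procedure above assigns to the app registration.
REQUIRED_ROLES = {"Security Reader", "Log Analytics Reader"}

# Constructed sample (not real data), shaped like the output of:
#   az role assignment list --assignee <Application ID> --all --output json
SUB_ID = "00000000-0000-0000-0000-000000000001"  # placeholder subscription ID
SAMPLE_JSON = json.dumps([
    {"roleDefinitionName": "Security Reader",
     "scope": f"/subscriptions/{SUB_ID}"},
    {"roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB_ID}"},
    {"roleDefinitionName": "Log Analytics Reader",
     "scope": f"/subscriptions/{SUB_ID}/resourceGroups/rg-logs"},
])


def audit_assignments(assignments, subscription_id):
    """Compare a principal's role assignments with the two roles the guide asks for."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    found, unexpected = set(), []
    for item in assignments:
        role = item.get("roleDefinitionName", "")
        scope = item.get("scope", "").rstrip("/")
        if role in REQUIRED_ROLES and scope.lower() == sub_scope:
            found.add(role)
        else:
            # Either an extra role, or a required role at a different scope.
            unexpected.append((role, scope))
    missing = sorted(REQUIRED_ROLES - found)
    return {"missing": missing, "unexpected": sorted(unexpected),
            "ok": not missing and not unexpected}


if __name__ == "__main__":
    report = audit_assignments(json.loads(SAMPLE_JSON), SUB_ID)
    for role in report["missing"]:
        print(f"MISSING at subscription scope: {role}")
    for role, scope in report["unexpected"]:
        print(f"UNEXPECTED: {role} on {scope}")
    print("OK" if report["ok"] else "Review the assignments above")
```

On the constructed sample, the audit reports the Contributor assignment as unexpected and Log Analytics Reader as missing at subscription scope, because it was granted only on a resource group.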