There are two ways to start installing the Azure application:
Either go to the Compliance tab and open the Applications recommendation (only shown if the app is not yet installed),
or open the Azure app from the Marketplace (all applications are listed there, including Azure).
Click Allow when prompted.
Enter the credentials when prompted. These are generated by your Azure administrator: Tenant ID, Subscription ID, Client ID and Client Secret.
To obtain the Tenant ID, see: How to find tenant ID
To obtain the Client ID and Client Secret, see: How to find client ID and client secret key
Click Install.
You'll be redirected to the app.
App uninstallation wizard
To uninstall the Azure app, use the Marketplace.
Click Marketplace.
Search for Azure.
Click Uninstall.
App is now uninstalled.
Signals in compliance
If the app is installed, its data will show up in Scorecards (assuming it has findings).
Go to My Scorecard (or any Scorecard).
Click the Compliance tab.
Pick a framework that contains Azure findings.
Signals and information collected (sample)
Configuration and status of Activity Log Alerts for various Azure resources (Network Security Groups, Public IP Addresses, Security Solutions, SQL Server Firewall Rules).
Existence and configuration of specific Azure Defender settings for a range of services (App Services, ARM, Container Registry, Cosmos DB, Databases, DNS, Key Vaults, Kubernetes, Open Source Relational Databases, Resource Manager, Servers, SQL Database Servers, Storage).
Status of email notifications and alert settings, including severity levels and additional email configurations.
Authorization policies related to security group creation and application registration.
Status of automatic provisioning for monitoring agents and network watcher services.
Integration and configuration status of Microsoft Cloud App Security (MCAS) and Windows Defender ATP (WDATP) with the Azure Security Center.
Multi-Factor Authentication (MFA) settings and specific user role configurations (e.g., domain user roles, sign-in settings).
email not configured.
Activity log alert does not exists for create or update Network Security Group event.
Activity log alert does not exists for create or update Network Security Group Rule event.
Activity Log Alert does not exists for Create or Update Public IP Address rule.
Activity log alert does not exists for create or update Security Solution event.
Activity Log Alert does not exists for Create or Update SQL Server Firewall Rule.
Activity log alert does not exists for create policy assignment event.
Activity log alert does not exists for create, update and delete SQL Server Firewall Rule event.
Activity log alert does not exists for delete Network Security Group event.
Activity log alert does not exists for delete Network Security Group Rule event.
Activity log alert does not exists for delete policy assignment event.
Activity Log Alert does not exists for Delete Public IP Address rule.
Activity log alert does not exists for delete Security Solution event.
Activity Log Alert does not exists for Delete SQL Server Firewall Rule.
Additional email addresses not configured.
All users with the following roles not set to Owner.
AppServicesAppServices azure defender disabled.
ArmArm azure defender disabled.
Authorization Policy allows user to create security groups.
Authorization Policy allows user to register applications.
Automatic provisioning of monitoring agent is off.
Azure Defender off for App Services.
Azure Defender off for Container Registry.
Azure Defender off for Cosmos DB.
Azure Defender off for Databases.
Azure Defender off for DNS.
Azure Defender off for Key Vaults.
Azure Defender off for Kubernetes.
Azure Defender off for Open Source Relational Databases.
Azure Defender off for Resource Manager.
Azure Defender off for Servers.
Azure Defender off for SQL database servers.
Azure Defender off for SQL servers on machines.
Azure Defender off for Storage.
ContainerRegistryContainerRegistry azure defender disabled.
DnsDns azure defender disabled.
KeyVaultsKeyVaults azure defender disabled.
KubernetesServiceKubernetesService azure defender disabled.
Manual verification required.
Manual verification required. Check control description for more details.
Microsoft Cloud App Security (MCAS) integrated with Security Center.
Network watcher not enabled in {location}
Notify about alerts with the following severity not set to High.
Settings enabled for all the parameters.
SqlServersSqlServers azure defender disabled.
SqlServerVirtualMachinesSqlServerVirtualMachines azure defender disabled.
Standard MFA - Azure MFA disabled.
Steampipe Access is domain user with Reader role.
StorageAccountsStorageAccounts azure defender disabled.
VirtualMachinesVirtualMachines azure defender disabled.
Windows Defender ATP (WDATP) integrated with Security Center.
{user} is domain user with Owner role.
{user} sign-in disabled.
{user} sign-in enabled.
{user} signing-in enabled.
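Added example (not part of this article or the integration's own code): Python that reproduces the Activity Log Alert checks listed above over constructed sample alert data shaped like the Azure activity log alert resource (condition.allOf with field/equals). The mapping from the event names above to Azure operation names is my assumption; the page only names the events.

```python
import json

# Events the integration reports on (from the list above) mapped to Azure
# resource-provider operation names. The mapping is an assumption.
REQUIRED_OPERATIONS = {
    "Microsoft.Network/networkSecurityGroups/write": "create or update Network Security Group",
    "Microsoft.Network/networkSecurityGroups/delete": "delete Network Security Group",
    "Microsoft.Network/networkSecurityGroups/securityRules/write": "create or update Network Security Group Rule",
    "Microsoft.Network/networkSecurityGroups/securityRules/delete": "delete Network Security Group Rule",
    "Microsoft.Network/publicIPAddresses/write": "Create or Update Public IP Address",
    "Microsoft.Network/publicIPAddresses/delete": "Delete Public IP Address",
    "Microsoft.Security/securitySolutions/write": "create or update Security Solution",
    "Microsoft.Security/securitySolutions/delete": "delete Security Solution",
    "Microsoft.Sql/servers/firewallRules/write": "Create or Update SQL Server Firewall Rule",
    "Microsoft.Sql/servers/firewallRules/delete": "Delete SQL Server Firewall Rule",
    "Microsoft.Authorization/policyAssignments/write": "create policy assignment",
    "Microsoft.Authorization/policyAssignments/delete": "delete policy assignment",
}

# Constructed sample: one enabled alert on NSG writes, one disabled alert on NSG deletes.
SAMPLE_ALERTS = json.loads("""[
  {"name": "nsg-write", "enabled": true,
   "condition": {"allOf": [
     {"field": "category", "equals": "Administrative"},
     {"field": "operationName", "equals": "Microsoft.Network/networkSecurityGroups/write"}]}},
  {"name": "nsg-delete-off", "enabled": false,
   "condition": {"allOf": [
     {"field": "category", "equals": "Administrative"},
     {"field": "operationName", "equals": "Microsoft.Network/networkSecurityGroups/delete"}]}}
]""")


def covered_operations(alerts):
    """Return the (lower-cased) operation names that at least one enabled alert fires on."""
    covered = set()
    for alert in alerts:
        if not alert.get("enabled", False):
            continue  # a disabled alert gives no coverage, so it must not count
        for cond in alert.get("condition", {}).get("allOf", []):
            if cond.get("field", "").lower() == "operationname" and cond.get("equals"):
                covered.add(cond["equals"].lower())
    return covered


def missing_alert_findings(alerts):
    """Produce one finding per required operation that has no enabled alert."""
    covered = covered_operations(alerts)
    return [f"Activity log alert does not exist for {desc} event."
            for op, desc in REQUIRED_OPERATIONS.items() if op.lower() not in covered]


if __name__ == "__main__":
    for finding in missing_alert_findings(SAMPLE_ALERTS):
        print(finding)
```

Feeding the JSON output of a real alert listing into missing_alert_findings gives the same kind of finding lines the integration shows, and the disabled-alert case shows why "an alert resource exists" is not the same as "the event is monitored".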