
Azure Cloud Assessment Setup

Before you begin

Ensure you have the necessary permissions to register new applications, create client secrets, and manage Azure Subscription IAM controls within your organization's account.

This process is crucial for integrating with FortifyData's services.

Log into Azure Portal

  • Navigate to the Microsoft Entra ID service (formerly known as Microsoft Active Directory).

Register a New Application

  • Select App registrations.
  • Click on New registration.
  • Enter a name, such as FortifyData Cloud Assessment, in the Name field (you'll use this name again later).
  • Leave the Supported account types default: Accounts in this organizational directory only (YOURDIRECTORYNAME).
  • Click Register.

Copy Application and Directory IDs

  • Copy the Application ID and paste it in FortifyData.
  • Copy the Directory ID and paste it in FortifyData.

Create a Client Secret

  • Click on Certificates & secrets.
  • Under Client secrets, click on New client secret.
  • Enter a description (e.g., FD-CloudAssess-2024) and select Expires in 1 year.
  • Click Add.
  • Copy the Client secret value (appears only once) and store it safely, then paste it in FortifyData.

Obtain Subscription ID

  • Navigate to Subscriptions.
  • Click on the relevant Subscription ID, copy it, and paste it in FortifyData.

Assign Roles

  • Click on Access Control (IAM).
  • Click +Add, then Add role assignment.
  • From the list of Job function roles, type Security Reader in the search box and select the role with the same name from the list below. Then click Next.
  • Leave Assign access to at its default value (User, group, or service principal).
  • Click the +Select members button.
  • In the search box, type the name of the app registration you used at the start of the process (e.g., FortifyData Cloud Assessment).
  • From the search results, select the corresponding item, then click the Select button at the bottom.
  • Click the Next button at the bottom, then Review + assign.
  • Repeat the process to assign the Log Analytics Reader role.
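
After finishing the steps above, it is worth confirming that the app registration holds only the two reader roles at subscription scope and that its client secret does not outlive the one-year expiry chosen earlier. The following check is an added example, not FortifyData or Microsoft code; it assumes JSON shaped like the output of `az role assignment list --assignee <app-id> --all` and `az ad app credential list --id <app-id>` (field names are assumptions), and all sample values are constructed.

```python
from datetime import datetime, timedelta, timezone

# Roles this setup assigns to the app registration at subscription scope.
EXPECTED_ROLES = {"Security Reader", "Log Analytics Reader"}
SUB = "00000000-0000-0000-0000-000000000000"  # constructed placeholder subscription ID

# Constructed samples shaped like `az role assignment list --assignee <app-id> --all`
# and `az ad app credential list --id <app-id>` JSON output (assumed field names).
SAMPLE_ASSIGNMENTS = [
    {"roleDefinitionName": "Security Reader", "scope": f"/subscriptions/{SUB}"},
    {"roleDefinitionName": "Log Analytics Reader",
     "scope": f"/subscriptions/{SUB}/resourceGroups/rg-logs"},
    {"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SUB}"},
]
SAMPLE_CREDENTIALS = [
    {"displayName": "FD-CloudAssess-2024", "endDateTime": "2025-03-01T00:00:00Z"},
    {"displayName": "old-test", "endDateTime": "2027-03-01T00:00:00.1234567Z"},
]

def audit_roles(assignments, subscription_id):
    """Flag roles or scopes that differ from the two subscription-level reader roles."""
    expected_scope = f"/subscriptions/{subscription_id}".lower()
    findings, seen = [], set()
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"].rstrip("/").lower()
        if role not in EXPECTED_ROLES:
            findings.append(f"unexpected role: {role}")
        elif scope != expected_scope:
            findings.append(f"unexpected scope for {role}: {a['scope']}")
        else:
            seen.add(role)
    findings += [f"missing role: {r}" for r in sorted(EXPECTED_ROLES - seen)]
    return findings

def audit_secrets(credentials, now, max_days=366):
    """Flag client secrets that are expired or outlive the one-year choice in the guide."""
    findings = []
    for c in credentials:
        # Trim fractional seconds and 'Z' so parsing works on any Python 3 version.
        end = datetime.strptime(c["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        if end <= now:
            findings.append(f"expired secret: {c['displayName']}")
        elif end - now > timedelta(days=max_days):
            findings.append(f"secret valid longer than one year: {c['displayName']}")
    return findings

if __name__ == "__main__":
    now = datetime(2024, 3, 2, tzinfo=timezone.utc)  # fixed clock for the sample
    for line in audit_roles(SAMPLE_ASSIGNMENTS, SUB) + audit_secrets(SAMPLE_CREDENTIALS, now):
        print(line)
```

An empty result from both functions means the assignment matches what this guide configures; any finding is a reason to revisit Access Control (IAM) or Certificates & secrets.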