Microsoft Azure Compute

Microsoft Azure Compute is a suite of cloud computing services that provide a wide range of infrastructure and tools for running various types of applications and services. You can bring virtual machine data from Azure Compute into Brinqa to gain a comprehensive view of your hosts, allowing you to identify and address potential vulnerabilities on those assets, thus strengthening your overall cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Azure Compute and how to obtain that information from Microsoft. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Azure Compute from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Azure Compute with Brinqa:

Client ID and Client secret: The client ID and client secret associated with the service principal, which must have permissions to log in to the Microsoft Azure Active Directory (Active AD) and return data from the Azure Compute API.
Tenant ID: The unique identifier for the Active AD tenant associated with the service principal.
Subscription ID: The unique identifier for your Microsoft Azure subscription, which represents a billing and resource usage entity within Azure. The Subscription ID is required to grant the Azure Compute connector access to resources within your specific subscription, such as Virtual Machines.

Register a Microsoft Azure Application

You must create a new application for the Azure Compute connector to authenticate with Azure AD and access the Azure Compute API. To register an application in your Azure AD tenant, follow these steps:

Log in to your Microsoft Azure Portal as an administrator.
Navigate to and click Microsoft Entra ID.
On the left-hand side of the page, click App registrations, and then click New registration.
Give your new application a name, select the supported account types, and provide an optional Redirect URI. If you do not have a redirect URI, you can leave the field as is.
Click Register.

note

For additional details about registering an application in Azure AD and creating a service principal, see Microsoft documentation.

Obtain Microsoft Azure credentials

After you have created your new Microsoft Azure application, your client and tenant ID display. Copy the Application (client) ID and Directory (tenant) ID as shown below:

Azure Compute Client and Tenant IDs

To obtain your client secret and subscription ID, follow these steps:

Click Certificates & secrets and then click New client secret.
Provide a description, set an expiry date, and then click Add.

The new client secret displays. You cannot view the client secret again. There is both a Value and Secret ID. The Value field is needed for authentication. Copy the Value field and save it to a secure location.
Search for "Subscriptions" in the search box at the top of the page and click Subscriptions.

The subscription ID of your new application displays. Copy this subscription ID. In addition to the Client ID, Tenant ID, and Client secret, the Subscription ID is also needed for authentication.

Assign permissions

After you have created your new Microsoft Azure application and obtained the authentication credentials, you must assign the required permissions for the application to access your data. To do so, follow these steps:

Navigate to the applicable Azure subscription.
Click Access control (IAM), click Add, and then click Add role assignment from the drop-down.
In the Job function roles tab, select the Virtual Machine Contributor role.
Click Next.
In the Members tab, click the User, group, or service principal option.
Click Select members, search for and click the application you registered earlier, and then click Select.
Navigate to the Review + assign tab and click Review + assign.

note

If you do not have permissions to assign roles, contact your Azure administrator. For additional information, see Microsoft documentation.

(Optional) Create a management group for multiple subscriptions

If you have multiple Azure subscriptions, you can organize them into a single management group to uniformly set access controls. To do so, follow these steps:

Log in to your Microsoft Azure Portal as an administrator.
Search for "Management groups" in the search box and click Management groups.
Click Create, provide a management group ID and display name, and then click Submit.
On the Management groups page, click the name of the new management group.
Click Add subscription, select the Azure subscriptions you want to add to the management group, and then click Save.
Click Access control (IAM), click Add, and then click Add role assignment from the drop-down.
Search for and select the role you want to assign to the management group.
Click Next.
In the Members tab, click the User, group, or service principal option.
Click Select members, search for and click the application you registered earlier, or any relevant members who require this role, and then click Select.
Navigate to the Review + assign tab and click Review + assign.

note

If you do not have permissions to create management groups, contact your Azure administrator. For additional information, see Microsoft documentation.

Types of data to retrieve

The Azure Compute connector can retrieve the following types of data from the Azure Compute API:

Table 1: Data retrieved from Azure Compute API

Connector Object	Required	Maps to Data Model
Virtual Machine	Yes	Host

info

The Azure compute connector does not currently support operation options for the types of data it retrieves.

For detailed steps on how to view the data retrieved from Azure Compute in the Brinqa Platform, see How to view your data.