Enable vDiscovery in Azure
To use vDiscovery in Azure, you must integrate the discovery application with Azure Active Directory (AAD) for secure authentication and authorization.
Create an App Registration in Azure AD
In the Azure Portal, click the menu.
Select Azure Active Directory.
Click on App registrations.
Click New registration.
Type a Name for your App.
Ensure Accounts in this organizational directory only is selected under Supported account types.
Click Register.
On the App’s Overview page, hover over Application (client) ID.
Click to copy the value to the clipboard. Save this ID.
Click on Endpoints.
Hover over the OAuth 2.0 token endpoint (v1) and click to copy the value to the clipboard. Save this Endpoint.
Click on API permissions.
Click Add a permission.
Select the Azure Service Management API.
Select the checkbox for user_impersonation.
Click Add permissions.
Click on Certificates & secrets.
Click New client secret.
Enter a Description.
Select when the secret Expires.
Click Add.
Hover over the key Value of your new secret and click to copy the value to the clipboard. Save this Client Secret.
Add Role Assignment to Subscription
For each Azure subscription where vDiscovery will be conducted, the new App needs to be added as a Reader. Alternatively, Reader permissions can be assigned at the Resource Group level for more granular control of what is included for vDiscovery.
In the Azure Portal, type subscription into the search box.
Click on Subscriptions.
Select your desired subscription from the list.
On the Subscription blade, select Access control (IAM).
Click on Add.
Select Add role assignment from the dropdown.
Select Reader from the Role dropdown.
Type the name of your App in the Select box.
Select your new App registration.
Click Save.
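To confirm the result of the role assignment steps above, the following added example (not part of the original guide) audits the App's role assignments and flags any role other than Reader or any scope outside an approved list. It assumes JSON shaped like the output of az role assignment list --assignee <app-id> --all -o json; the subscription IDs, resource group, principal name and function names are constructed or hypothetical.

```python
import json

# Constructed sample shaped like `az role assignment list --assignee <app-id> --all -o json`.
# Subscription IDs, resource group and principal name are placeholders, not real values.
SAMPLE = json.loads("""
[
 {"principalName": "vdiscovery-app", "roleDefinitionName": "Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
 {"principalName": "vdiscovery-app", "roleDefinitionName": "Reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/rg-network"},
 {"principalName": "vdiscovery-app", "roleDefinitionName": "Contributor",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
 {"principalName": "vdiscovery-app", "roleDefinitionName": "Reader",
  "scope": "/providers/Microsoft.Management/managementGroups/root-mg"}
]
""")

# Scopes approved for vDiscovery (assumed): one full subscription, one resource group.
APPROVED = [
    "/subscriptions/00000000-0000-0000-0000-000000000001",
    "/subscriptions/00000000-0000-0000-0000-000000000002/resourceGroups/rg-network",
]

def scope_allowed(scope, allowed_scopes):
    """True if scope equals an approved scope or is nested beneath one."""
    s = scope.rstrip("/").lower()  # Azure resource IDs are case-insensitive
    for a in allowed_scopes:
        a = a.rstrip("/").lower()
        if s == a or s.startswith(a + "/"):
            return True
    return False

def audit_assignments(assignments, allowed_scopes, allowed_role="Reader"):
    """Return (scope, role, reason) for each assignment that exceeds the guide."""
    findings = []
    for ra in assignments:
        role, scope = ra.get("roleDefinitionName", ""), ra.get("scope", "")
        if role != allowed_role:
            findings.append((scope, role, "role is not " + allowed_role))
        elif not scope_allowed(scope, allowed_scopes):
            findings.append((scope, role, "scope outside approved list"))
    return findings

if __name__ == "__main__":
    for scope, role, reason in audit_assignments(SAMPLE, APPROVED):
        print(f"REVIEW: {role} at {scope}: {reason}")
```

A Reader assignment above the approved scope, such as a management group or a whole subscription where only a resource group was intended, is reported even though the role itself is correct.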