Microsoft Azure

Overview

Heeler supports broad visibility into Microsoft Azure and can be configured to onboard and harvest inventory data from all subscriptions.

Microsoft Azure

To add your Microsoft Azure tenant to Heeler, create an App Registration with the necessary API permissions and a client secret.

  1. Create a new App Registration. Navigate to App registrations and click New registration.

  1. Enter a Name, e.g., Heeler Security, select the option Accounts in this organizational directory only, and then click Register.

  1. Return to Overview and copy/save the Application (client) ID and Directory (tenant) ID, which will be used when adding Microsoft Azure as a cloud organization in Heeler

  1. Ensure the App registration has the correct permissions. Under Manage, select API permissions, Add a permission, and then Microsoft Graph

  1. Select Application permissions, search for and select the following permissions one by one, and then select Add permissions. Note that User.Read is present by default.

      • Channel.ReadBasic.All
      • ChannelMember.Read.All
      • Chat.Create
      • ChatMember.Read.All
      • ChatMessage.Read.All
      • Team.ReadBasic.All
      • TeamMember.Read.All
      • Teamwork.Migrate.All
      • User.Read.All
      • User.ReadBasic.All

  1. Confirm that permissions are added. Note their status is Not granted and then select Grant admin consent

  1. After selecting Grant admin consent, click Yes in the confirmation modal

  1. Confirm permission Status is Granted

  1. Now navigate to Certificates & secrets and Client secrets. Add a client secret by adding a description, e.g., Heeler Security, and providing an expiration window, e.g., 730 days.

  1. Confirm the secret is saved and copy its Value, which will be used when adding Microsoft Azure as a cloud organization in Heeler

  1. Now create a new Subscription to define Heeler's permissions and scope. It is recommended that a dedicated subscription be added to your company's existing tenant. Doing this ensures isolation and adheres to industry-standard best practices. The new subscription, typically named heeler-security, will use a Reader role. Navigate to Subscriptions and click Add.

  1. Navigate to Access control (IAM) and select Add role assignment

  1. Select Role, search for Reader, select Reader, and then Next

  1. Select Members, assign access to User, group, or service principal, then click on + Select members. That opens a side panel where you can search for your App Registration by name (not its ID), select it, and then click Select

  1. Confirm that your subscription has assigned a Reader role to your App Registration service principal

  1. Finally, navigate to Overview and copy the value for your Subscription ID, which will be used when adding Microsoft Azure as a cloud organization in Heeler. Afterwards, switch to Heeler.
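A read-back check for the steps above, added here as an example and not part of Heeler's documentation or tooling: it confirms that the App Registration's service principal holds no role other than Reader and flags client secrets that are close to expiry. It assumes you saved the JSON output of `az role assignment list --assignee <client-id> --all -o json` and `az ad app credential list --id <client-id> -o json`; the function names, the subscription ID and the sample records are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of:
#   az role assignment list --assignee <client-id> --all -o json
SAMPLE_ASSIGNMENTS = json.loads("""[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-demo"}
]""")

# Constructed sample in the shape of:
#   az ad app credential list --id <client-id> -o json
SAMPLE_SECRETS = json.loads("""[
  {"displayName": "Heeler Security", "endDateTime": "2027-01-10T00:00:00Z"},
  {"displayName": "rotation-2028", "endDateTime": "2028-06-01T00:00:00Z"}
]""")

def audit_role_assignments(assignments, subscription_id):
    """Flag any role other than Reader, and a missing Reader on the subscription."""
    expected = f"/subscriptions/{subscription_id}".lower()
    violations, has_reader = [], False
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "").rstrip("/")
        if role != "Reader":
            violations.append(f"{role} at {scope}")
        elif scope.lower() == expected:
            has_reader = True
    if not has_reader:
        violations.append(f"Reader missing at {expected}")
    return violations

def secrets_near_expiry(credentials, now, warn_days=30):
    """Return (displayName, days_left) for secrets expired or expiring soon."""
    flagged = []
    for c in credentials:
        # Timestamps are UTC; keep whole seconds so fractional digits still parse.
        end = datetime.strptime(c["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days_left = (end.replace(tzinfo=timezone.utc) - now).days
        if days_left <= warn_days:
            flagged.append((c.get("displayName"), days_left))
    return flagged

if __name__ == "__main__":
    sub = "00000000-0000-0000-0000-000000000001"  # constructed subscription ID
    print(audit_role_assignments(SAMPLE_ASSIGNMENTS, sub))
    print(secrets_near_expiry(SAMPLE_SECRETS, datetime.now(timezone.utc)))
```

Running the same check on a schedule catches both role drift on the service principal and a client secret that is about to lapse before inventory collection stops.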

Heeler Configuration

Once the resources are created and configured in Microsoft Azure, you need to add their information to Heeler. Open the URL https://app.heeler.com/administration/connections/organizations or just click on the settings icon at the top right, select Connections, and then Cloud Organizations. Click on Add Organization and then select Microsoft Azure.

Enter:

  • Organization Identifier, i.e., the tenant ID

  • Organization Name, e.g., a unique name that describes the Microsoft Azure environment

  • Client ID

  • Client Secret

  • Subscription ID

  • Skip Listed Subscriptions, an optional comma-separated list of subscription IDs to skip harvesting

Click Save. If everything is configured properly within Microsoft Azure, you should see a success message, and inventory collection will begin immediately in the background. Please note that the first round of collection could take some time, depending on the size of the Microsoft Azure footprint.
