Microsoft Azure

Overview

Heeler supports broad visibility into Microsoft Azure and can be configured to onboard and harvest inventory data from all subscriptions.

Microsoft Azure

To add your Microsoft Azure tenant to Heeler, create an App Registration with the necessary API permissions and a client secret.

  1. Create a new App Registration. Navigate to that resource type and click on New registration

  1. Add a Name, e.g., Heeler Security, and select the option Accounts in this organizational directory only. Then select Register

  1. Return to Overview and copy/save the Application (client) ID and Directory (tenant) ID, which will be used when adding Microsoft Azure as a cloud organization in Heeler

  1. Ensure the App registration has the correct permission. Under Manage, select API permissions, Add a permission, and then Microsoft Graph

  1. Select Application permissions, search for and select Application.Read.All, and then select Add permissions.

  1. Confirm that the permission is added. Note that its status is Not granted, and then select Grant admin consent

  1. After selecting Grant admin consent, click Yes in the confirmation modal

  1. Confirm permission Status is Granted

  1. Now navigate to Certificates & secrets and Client secrets. Add a client secret by adding a description, e.g., Heeler Security, and providing an expiration window, e.g., 730 days.

  1. Confirm the secret is saved and copy its Value, which will be used when adding Microsoft Azure as a cloud organization in Heeler

  1. Now navigate to Resource Manager and Management Groups, where we will attach a Reader role assignment to the App Registration's service principal.

    1. Click on Tenant Root Group.

    2. If the Tenant Root Group does not have a hyperlink, you will need someone who can manage access to all Azure subscriptions and management groups in this tenant to complete these steps.

    3. If you believe you have sufficient permissions but there is still no hyperlink, confirm your access is enabled by navigating to Microsoft Entra ID -> Manage -> Properties and toggling on Access management for Azure resources. Then revisit Resource Manager -> Management Groups. N.b., these steps are not illustrated.

  1. Navigate to Access control (IAM) and select Add role assignment

  1. Select Role, search for Reader, select Reader, and then Next

  1. Select Members, assign access to User, group, or service principal, then click on + Select members. That opens a side panel where you can search for your App Registration by name (not its ID), select it, and then click Select

  1. Select Review + assign and then confirm that your management group has assigned a Reader role to your App Registration service principal
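
To check that the service principal holds only what the steps above grant, this added example (not Heeler's or Microsoft's code) audits the JSON printed by `az role assignment list --all --assignee <client-id>` and `az ad app credential list --id <client-id>`. The sample data, the placeholder tenant ID, and the function names are constructed for illustration, and it assumes the Tenant Root Group's ID equals the tenant ID, which is the Azure default.

```python
import json
from datetime import datetime, timezone

# Constructed sample data, not real tenant output. Field names follow
# `az role assignment list` and `az ad app credential list` JSON.
TENANT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID
ROOT_SCOPE = "/providers/Microsoft.Management/managementGroups/" + TENANT_ID
ROLE_ASSIGNMENTS = json.loads("""[
  {"roleDefinitionName": "Reader", "scope": "%s"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/11111111-1111-1111-1111-111111111111"}
]""" % ROOT_SCOPE)
CREDENTIALS = json.loads("""[
  {"displayName": "Heeler Security", "endDateTime": "2026-03-01T00:00:00Z"}
]""")


def audit_roles(assignments, tenant_id):
    """Flag any non-Reader role, and a missing Reader at the tenant root group."""
    root = ("/providers/Microsoft.Management/managementGroups/" + tenant_id).lower()
    findings, reader_at_root = [], False
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        if role != "Reader":
            findings.append(f"excess role {role} at {scope}")
        elif scope.lower() == root:
            reader_at_root = True
    if not reader_at_root:
        findings.append("missing Reader at tenant root management group")
    return findings


def audit_secrets(credentials, now, warn_days=30):
    """Flag client secrets that are expired or expire within warn_days."""
    findings = []
    for c in credentials:
        end = datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00"))
        days_left = (end - now).days
        if days_left < 0:
            findings.append(f"secret '{c['displayName']}' expired")
        elif days_left <= warn_days:
            findings.append(f"secret '{c['displayName']}' expires in {days_left} days")
    return findings


if __name__ == "__main__":
    now = datetime(2026, 2, 15, tzinfo=timezone.utc)  # fixed date for the sample
    for finding in audit_roles(ROLE_ASSIGNMENTS, TENANT_ID) + audit_secrets(CREDENTIALS, now):
        print("FINDING:", finding)
```

An expired client secret stops inventory collection, so the expiry check is worth scheduling ahead of the expiration window chosen when the secret was created.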

Heeler Configuration

Once the resources are created and configured in Microsoft Azure, you need to add their information to Heeler. Open the URL https://app.heeler.com/administration/connections/organizations or just click on the settings icon at the top right, select Connections, and then Cloud Organizations. Click on Add Organization and then select Microsoft Azure.

Enter:

  • Organization Identifier, i.e., the tenant ID

  • Organization Name, e.g., a unique name that describes the Microsoft Azure environment

  • Client ID, i.e., the application ID

  • Client Secret

  • Skip Listed Subscriptions, an optional comma-separated list of subscription IDs to skip harvesting

Click Save. If everything is configured properly within Microsoft Azure, you should see a success message, and inventory collection will immediately begin in the background. Please note that the first round of collection could take some time, depending on the size of the Microsoft Azure footprint.
