Configure an Agentless Connection via Microsoft Azure

This documentation describes how to add an agentless connection via the Microsoft Azure API. To add assets in bulk, it is recommended to use a Microsoft Azure discovery.

Configure your API access

To connect Cyberwatch to the Microsoft Azure API, you need 3 pieces of information:

  1. your tenant ID,
  2. an application’s client ID,
  3. the application’s client secret.

To get an application client ID, open the Microsoft Entra console, go to the Microsoft Entra ID service, and create a new app registration. Its overview shows your tenant ID and the application’s client ID.

Once the app registration is created, give it read access to your infrastructure from the Subscriptions service, in the Access control (IAM) menu, Role assignments tab.

Back in the app registration, you can then create a client secret from the Certificates & secrets menu.

With these 3 pieces of information, you will be able to create a Microsoft Azure credential in Cyberwatch from the Settings > Stored credentials menu.

To use the Microsoft Azure API connector, the application needs the following roles:

  • Managed Application Contributor Role
  • Storage Account Contributor
  • Virtual Machine Contributor
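
The following is an added example, not part of the Cyberwatch documentation or product: a least-privilege check that compares the role assignments of the app registration with the three roles listed above. It assumes the input is the JSON printed by `az role assignment list --assignee <client-id> --all -o json`; the subscription ID, resource group name and sample assignments are constructed placeholders.

```python
import json

# Roles the page lists for the Microsoft Azure API connector.
REQUIRED_ROLES = {
    "Managed Application Contributor Role",
    "Storage Account Contributor",
    "Virtual Machine Contributor",
}

def audit_assignments(assignments, subscription_id):
    """Return (missing, extra, out_of_scope) for one service principal.

    `assignments` is assumed to be the parsed JSON printed by
    `az role assignment list --assignee <client-id> --all -o json`.
    """
    sub = f"/subscriptions/{subscription_id}".lower()
    found, extra, out_of_scope = set(), [], []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        s = scope.lower().rstrip("/")
        if s != sub and not s.startswith(sub + "/"):
            # Root, management group or another subscription: review by hand.
            out_of_scope.append((role, scope))
        elif role in REQUIRED_ROLES:
            found.add(role)
        else:
            # Inside the subscription but not needed by the connector.
            extra.append((role, scope))
    # "missing" = required role not assigned at or below the subscription.
    return sorted(REQUIRED_ROLES - found), extra, out_of_scope

# Constructed sample data (placeholder subscription ID, not real output).
SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE = json.loads(f"""[
  {{"roleDefinitionName": "Virtual Machine Contributor", "scope": "/subscriptions/{SUB}"}},
  {{"roleDefinitionName": "Storage Account Contributor", "scope": "/subscriptions/{SUB}/resourceGroups/rg-example"}},
  {{"roleDefinitionName": "Owner", "scope": "/subscriptions/{SUB}"}},
  {{"roleDefinitionName": "Reader", "scope": "/"}}
]""")

if __name__ == "__main__":
    missing, extra, out_of_scope = audit_assignments(SAMPLE, SUB)
    print("missing:", missing)
    print("extra:", extra)
    print("outside subscription:", out_of_scope)
```

Any entry in the extra or outside-subscription lists means that the client secret stored in Cyberwatch grants more access than the connector needs.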

Create an Agentless Connection with the Azure API

Before setting up an agentless connection via the Azure API, activate the connector from Administration > Connectors Management > Agentless Connections Types: check Microsoft Azure API, then validate.

  1. Click on Assets Management > Agentless Connections > Add.
  2. In the Address field, specify the machine’s hostname.
  3. In Access Protocol, select Microsoft Azure API.
  4. Specify the Resource Group Name and Subscription ID associated with the target machine.
  5. In the Credentials field, select the previously saved set of Azure credentials.

Once saved, the machine will be monitored by Cyberwatch.

