Set up Authentication Details

Create Application and get Application ID, Directory ID

Create an application in Azure Active Directory and you can then note the application ID.

1 - Log on to the Microsoft Azure console and press Azure Active Directory in the left navigation pane. 

2 - Click App Registrations > New registration.

3 - Provide the following details:

      a. Name: A name for the application (For example, My_Azure_Connector)

      b. Supported account types: Select Accounts in any organizational directory.

4 - Click Register.  The newly created application is displayed with its properties. Copy the Application (client) ID and Directory (tenant) ID and paste it into the connector details. 

Generate Authentication Key

Generate a secret key to provide as Authentication Key.

Create a secret key

1 - Select the application that you created and go to Certificates and Secrets > New client secret.

2 - Add a description and expiry duration for the secret key (recommended: Never) and click Add. 

3 - The value of the key appears in the Value field.

Copy the key value at this time. You won’t be able to retrieve it later. Paste the key value as Authentication Key into the connector details. You need to provide the key value with the application ID to log on as the application. Store the key-value where your application can retrieve it.

Acquire Subscription ID

Grant permission for the application to access subscriptions. Assign a role to the new application. The role you assign defines the permissions for the new application to access subscriptions.

1 - On the Azure portal, navigate to Subscriptions. 

2 - Select the subscription for which you want to grant permission to the application and note the subscription ID. To grant permission to the application you created, choose Access Control (IAM).

3 - Go to Add > Add a role assignment. Pick a Reader role. A Reader can view everything, but cannot make any changes to the resources of a subscription.

Note: You need to assign the Reader role if the same application is used in AssetView and CSPM connector module. If the application usage is limited to only the AssetView module (and not in the TotalCloud module), you need to have at least below permissions on the built-in or custom role assigned to the subscription.
- "Microsoft.Compute/virtualMachines/read",
- "Microsoft.Resources/subscriptions/resourceGroups/read",
- "Microsoft.Network/networkInterfaces/read",
- "Microsoft.Network/publicIPAddresses/read",
- "Microsoft.Network/virtualNetworks/read",
- "Microsoft.Network/networkSecurityGroups/read"

4 - Select Azure AD user, group, or application in the Assign Access dropdown.

5 - Type the application name in the Select drop-down and select the application you created. 

6 - Click Save to finish assigning the role. You’ll see your application in the list of users assigned to a role for that scope.

7 - Copy the subscription ID you noted and paste it into the connector details in the Qualys Azure Connector screen and then click Create Connector.