Configure Azure connectors for gathering resource information from your Microsoft Azure account. It just takes a couple of minutes. Qualys connectors discovers and syncs resource inventories every 4 hours.
Let us see what permissions are needed to create Azure connector.
Before you create an Azure connector, ensure that you have the following permissions:
- Assign Azure Active Directory permissions to register an application with your Azure Active Directory
- Check Azure Subscription permissions to assign the application to a role in your Azure subscription
Go to the Configuration > Microsoft Azure and then click Create Connector.
Provide a few connector details.
(1) Enter a name and description (optional) for your connector.
(2) Select an account type for your connector: Global or US GovCloud. You can choose only one account type per connector.
(3) Select a frequency at which the connector should poll the cloud provider and fetch data.
By default, the connector polling frequency is configured for every 4 hours. As a result, the connector will connect with the cloud provider every 4 hours to fetch the data.
You can configure frequency from minimum one hour to maximum 24 hours. We recommend that you configure frequency of 4 hours or more for optimal use of your connector. Configuring a low polling frequency (lesser than 4 hours) can affect the performance of the connector and may result in Microsoft Azure API throttling error.
- If you trigger Run for the connector from the quick actions menu, the scheduled connector polling (as per the configured frequency) remains unaffected.
- Configuration of connector polling frequency is enabled only for Cloud Security Assessment (CSA) users.
(4) Set up the authentication details and copy/paste the authentication details into the form.
(5) Click Test Connector to verify if the connector can successfully authenticate using the provided service principal credentials in Microsoft Azure cloud environment. If the test connection is successful, proceed with the connector creation process. If the test connection fails, you may need to check and update the authentication details you provided for the connection to work.
Note: Ensure that you have provided the correct authentication details that are set up as per the listed steps for the connector to successfully fetch resource details.
(6) Click Create Connector.
That’s it! The connector will establish a connection with Microsoft Azure to start discovering resources from each region and evaluate them against policies.
Editing Connector Details
Go to Configuration > Microsoft Azure and select the connector for which you would want to edit the details. From the quick actions menu, select View and go to Connector Information tab and click Edit.
You can now edit the required details.
Once you update the required details, you can click Test Connector to verify if the connection to the Microsoft Azure cloud provider is successful with the details you updated. If the test connection is successful, click Save and proceed.
If the test connection fails, you may need to check and update the authentication details you provided for the connection to work.