Configure Azure connectors for scanning Microsoft Azure resources for security issues using the Qualys Cloud Platform. Our Azure connector scans and detects virtual machines created using Resource Manager only.
Let us see what permissions are needed to create an Azure connector.
Before you create an Azure connector, ensure that you have the following permissions:
- Assign Azure Active Directory permissions to register an application with your Azure Active Directory.
- Check Azure Subscription permissions to assign the application to a role in your Azure subscription.
Go to the Connectors > Azure tab, select Create Azure Connector and our wizard will walk you through the steps.
Tip - We recommend you create at least one generic asset tag (for example Azure) and have the connector automatically apply that tag to all imported assets. You can add more tags to your Azure assets based upon discovered Azure metadata.
Provide a few connector details.
(1) Enter a name and description (optional) for your connector.
(2) Select the account type: Global or GovCloud. You can choose only one account type per connector.
(3) Set up the authentication details, then copy and paste them into the form.
(4) In the Tags and Activation step, you can configure the following:
- Select the check box to activate assets for automatic scanning after discovery.
- Configure the tags for the connector.
(5) Click Create Connector.
That’s it! The connector will establish a connection with Microsoft Azure to start discovering resources from the configured region.
Can I disable a connector? Sure, no problem
A new connector is enabled automatically. This means your Azure assets are automatically monitored and any updates are synchronized with your account.
Disabling a connector stops the automatic monitoring and synchronization of Azure assets with our asset database. When you choose this option, you'll notice the value "Disabled" in the State column on the Connectors list.
Enabling a connector turns on the automatic monitoring and synchronization of Azure assets with our asset database.
Easily view assets imported by a connector
The Show Assets option lets you view the Azure assets imported and synchronized by an Azure connector of interest. Go to the connectors list, hover over a connector, and select Show Assets from the Quick Actions menu.
Run option - use to manually synchronize instance data
The Run option lets you run the process that synchronizes Azure assets into your asset inventory. Go to the connectors list, hover over a connector, and select Run from the Quick Actions menu.
Deleted instances not synchronized
Azure connectors will no longer import and sync assets with a Deleted state. In other words, we will not add a new asset to your asset inventory for an Azure instance that is Deleted.
- We did sync Deleted instances in previous releases. These will remain in your assets list until you purge them.
- If the status of an existing asset changes to Deleted then this will be updated in the asset details.
Use this query to easily find Azure assets with a Deleted instance
How to Delete a connector
The Delete option lets you delete (remove) a connector from your account. Go to the connectors list, hover over a connector, and select Delete from the Quick Actions menu. Good to Know - assets imported by the connector will not be removed.