Support for Azure Connectors

Configure Azure connectors for scanning Microsoft Azure resources for security issues using the Qualys Cloud Platform. Our Azure connector scans and detects virtual machines created using Resource Manager only.

Pre-requisites

Before you create an Azure connector, ensure that you have the following permissions:

- Assign Azure Active Directory permissions to register an application with your Azure Active Directory. Learn more

- Check Azure Subscription permissions to assign the application to a role in your Azure subscription. Learn more

How to configure Azure connectors

Go to the Connectors > Azure tab, select Create Azure Connector and our wizard will walk you through the steps.

Tip - We recommend you create at least one generic asset tag (for example Azure) and have the connector automatically apply that tag to all imported assets. You can add more tags to your Azure assets based upon discovered Azure metadata.

Set up Authentication Details

(2) Select the account type: Global or GovCloud. You can choose only one account type per connector.

- Select the check box to activate assets for automatic scanning after discovery.

That’s it! The connector will establish a connection with Microsoft Azure to start discovering resources from configured region.

Looking for something else?

A new connector is enabled automatically. This means your Azure assets are automatically monitored and any updates are synchronized with your account.

Disabling a connector stops the automatic monitoring and synchronization of Azure assets with our asset database. When you choose this option, you'll notice the value "Disabled" in the State column on the Connectors list.

Enabling a connector turns on the automatic monitoring and synchronization of Azure assets with our asset database.

The Show Assets option lets you view the Azure assets imported and synchronized by an Azure connector of interest. Go to the connectors list, hover over a connector, and select Show Assets from the Quick Actions menu.

The Run option lets you run the process that synchronizes Azure assets into your asset inventory. Go to the connectors list, hover over a connector, and select Run from the Quick Actions menu.

Azure connectors will no longer import and sync assets with a Deleted state. In other words, we will not add a new asset to your asset inventory for an Azure connector that is Deleted.

Please note:

- We did sync Deleted instances in previous releases. These will remain in your assets list until you purge them.

- If the status of an existing asset changes to Deleted then this will be updated in the asset details.

Use this query to easily find Azure assets with a Deleted instance state:
azure.vm.state:"DELETED"

The Delete option lets you delete (remove) a connector from your account. Go to the connectors list, hover over a connector, and select Delete from the Quick Actions menu. Good to Know - assets imported by the connector will not be removed.