Directions on how to activate Azure while documentation is updated
Resolution
Prerequisites
Azure Account
Have admin access to the Azure account.
CloudSoc API Key
Create an API key and note the Key ID, Key Secret and Tenant; the PS Script needs all three. For more information, refer to Creating an API key.
Configuring the Azure Securlet
To activate an Azure securlet, log in to the CASB tenant, go to Store | Microsoft Azure, and click Configure. This opens the "Microsoft Azure Configuration" window.
Enter the Connection Name.
By default, all storage accounts are scanned. To limit scanning to specific storage accounts, enable Data Scanning.
Once Data Scanning is enabled, you then have the option to define a data scanning scope as well as exceptions to that scope.
Selective scanning only scans storage accounts that match the configuration.
Save the connection.
Download the Azure PowerShell Script and follow the steps under Run PS Script in Azure Account below. Note: The connection is listed under Connections in the draft state until the administrator runs the PS Script in Azure successfully.
Once the PS Script has been deployed in the Azure account, the accounts/subscriptions from Azure are onboarded and Current Connections Details become visible under Azure Connection.
Run PS Script in Azure Account
Open the PS Script and update the CloudSoc keys at line 11 with the values noted when the API key was created:
$cloudsoc_public_key = "<key_id>"
$cloudsoc_secret_key = "<key_secret>"
$cloudsoc_tenant_id = "<tenant>"
Log in to the Azure account.
Open Cloud Shell.
Upload the PS Script to Cloud Shell.
Run the script and follow the steps; it will prompt you to select a specific subscription or all subscriptions.
It is completely automated, with just one manual step to provide user and directory-level permissions. The details are available in the script itself.
PS Script generated resources
The following resources are generated:
CloudSoc App under Azure Active Directory
This app requires the User.Read.All, Directory.Read.All and Application.Read.All permissions on the Azure Active Directory application (cloudsoc_brcm_conn_app). Note that these are read-only permissions; nothing in the script requires write access to the directory.
Event Grid subscription at the scope of each selected Azure subscription, with a filter restricting it to the event types Resource Write Success, Resource Delete Success and Resource Action Success.
Event Grid subscriptions for every storage account under the selected subscription; the script creates one per storage account.
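To confirm the script left behind exactly the resources listed above, and nothing more, the following post-deployment check can be run in Cloud Shell. It is an added example, not part of the CloudSoc PS Script; it assumes the Az modules available in Cloud Shell (Az.Resources, Az.Storage, and Az.EventGrid 1.x property names such as .Filter.IncludedEventTypes and .Topic), that the Azure subscription to check is already selected, and that the Microsoft Graph application-permission IDs below are the current ones for the three permissions named above.

```powershell
# Added post-deployment check; not part of the CloudSoc PS Script (see lead-in for assumptions).
$expectedTypes = @('Microsoft.Resources.ResourceWriteSuccess',
                   'Microsoft.Resources.ResourceDeleteSuccess',
                   'Microsoft.Resources.ResourceActionSuccess')
$graphApiId    = '00000003-0000-0000-c000-000000000000'        # Microsoft Graph
$expectedRoles = @{                                            # Graph application-permission IDs
    'df021288-bdef-4463-88db-98f22de89214' = 'User.Read.All'
    '7ab1d382-f21e-4acd-a863-ba3e13f7da61' = 'Directory.Read.All'
    '9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30' = 'Application.Read.All'
}

# 1. The app registration and the Graph permissions it requests. Anything beyond the three
#    read-only permissions is flagged, since the securlet does not need it.
$app = Get-AzADApplication -DisplayName 'cloudsoc_brcm_conn_app'
if (-not $app) { Write-Warning 'cloudsoc_brcm_conn_app not found; the PS Script did not complete'; return }
$graphPerms = Get-AzADAppPermission -ObjectId $app.Id | Where-Object ApiId -eq $graphApiId
foreach ($id in $expectedRoles.Keys) {
    $found = $graphPerms | Where-Object { $_.Id -eq $id -and $_.Type -eq 'Role' }
    '{0,-22} {1}' -f $expectedRoles[$id], $(if ($found) { 'present' } else { 'MISSING' })
}
$graphPerms | Where-Object { -not $expectedRoles.ContainsKey($_.Id) } |
    ForEach-Object { Write-Warning "Unexpected Graph permission requested: $($_.Id) ($($_.Type))" }

# 2. Subscription-scoped Event Grid subscription, filtered to exactly the three event types.
$subId = (Get-AzContext).Subscription.Id
$all   = Get-AzEventGridSubscription            # every event subscription in the current subscription
$subScoped = $all | Where-Object Topic -eq "/subscriptions/$subId"
if (-not $subScoped) { Write-Warning 'No subscription-scoped Event Grid subscription found' }
foreach ($es in $subScoped) {
    $types = @($es.Filter.IncludedEventTypes | Where-Object { $_ })
    if (Compare-Object $expectedTypes $types) {
        Write-Warning "$($es.EventSubscriptionName): event types differ from expected: $($types -join ', ')"
    } else {
        "$($es.EventSubscriptionName): event type filter OK"
    }
}

# 3. One event subscription per storage account. A storage account without one is either new
#    (created after the script ran) or was skipped, and its activity will not reach CloudSoc.
foreach ($sa in Get-AzStorageAccount) {
    if ($all | Where-Object Topic -eq $sa.Id) {
        "$($sa.StorageAccountName): event subscription present"
    } else {
        Write-Warning "$($sa.StorageAccountName): no event subscription"
    }
}
```

Re-run the check after the script is executed against an additional subscription, and periodically thereafter, since storage accounts created later are not covered automatically.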