McAfee MVISION Cloud

Enable Microsoft Azure

Before you enable Microsoft Azure, make sure that you have an Office 365 account with permissions that allow you to read security configurations of Azure resources to be monitored by MVISION Cloud.

Required Roles in Azure

Users require the following roles in Azure:

  • Config Audit
    • Reader
    • Reader and Data Access

NOTE: The Reader and Data Access role is required for the Config Audit policy "Azure blob storage containers should not be world readable".

  • Activity Monitoring
    • Reader
    • Reader and Data Access
  • DLP and Malware (including Quarantine)
    • Reader and Data Access

NOTE: If you have any firewall or network restrictions on the Azure Subscriptions or Storage Accounts, add the MVISION Cloud IP addresses to the allow list. For details, see MVISION Cloud - IP Addresses.

Configure Roles in Azure

  1. Log in to the Microsoft Azure Portal.
  2. Click Subscriptions.
  3. Select the Subscription from the list.
  4. Go to Access control (IAM) > Check access > Add a role assignment. Click Add.
  5. Select a Role from the list. Select a user from the list, or search for a specific user. Click Save.
  6. Go to Role assignments and search for the user to verify the roles assigned.

Repeat these steps to add roles for other users. Alternatively, you can use the Deny assignments tab to block users from performing specific actions even if a role assignment grants them access. For more information, refer to Deny assignments portal.
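An added example, not part of the McAfee documentation: a Python check that compares a user's role assignments with the role list under Required Roles in Azure, reporting both missing roles and roles beyond what the enabled features need. It assumes input shaped like the JSON from `az role assignment list --assignee <user> --all -o json` (fields `roleDefinitionName` and `scope`); the account name, subscription ID and feature keys are constructed for illustration.

```python
import json

# Role matrix copied from "Required Roles in Azure" on this page.
# The dictionary keys are hypothetical labels chosen for this example.
REQUIRED_ROLES = {
    "config_audit": {"Reader", "Reader and Data Access"},
    "activity_monitoring": {"Reader", "Reader and Data Access"},
    "dlp_malware": {"Reader and Data Access"},
}

def audit_roles(assignments_json, subscription_id, features):
    """Return missing/excess roles for the features enabled in MVISION Cloud."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    needed = set().union(*(REQUIRED_ROLES[f] for f in features))
    at_subscription, other_scope = set(), []
    for entry in json.loads(assignments_json):
        role = entry["roleDefinitionName"]
        scope = entry["scope"].rstrip("/").lower()
        if scope == sub_scope:
            at_subscription.add(role)
        else:
            # Simplification: only assignments made at the subscription itself
            # (what the portal steps above produce) count as satisfying a
            # requirement. Anything else is listed for manual review.
            other_scope.append((role, entry["scope"]))
    return {
        "missing": sorted(needed - at_subscription),
        "excess": sorted(at_subscription - needed),
        "other_scope": sorted(other_scope),
    }

# Constructed sample data (not real output).
SUB_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"principalName": "mvision-svc@example.com", "roleDefinitionName": "Reader",
     "scope": f"/subscriptions/{SUB_ID}"},
    {"principalName": "mvision-svc@example.com", "roleDefinitionName": "Contributor",
     "scope": f"/subscriptions/{SUB_ID}"},
    {"principalName": "mvision-svc@example.com",
     "roleDefinitionName": "Reader and Data Access",
     "scope": f"/subscriptions/{SUB_ID}/resourceGroups/rg-demo"},
])

if __name__ == "__main__":
    report = audit_roles(SAMPLE, SUB_ID, ["config_audit", "dlp_malware"])
    for key, value in report.items():
        print(f"{key}: {value}")
```

A non-empty `excess` list means the account holds more at subscription scope than the enabled features call for.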

Enable Azure

To enable Azure:

  1. Go to Settings > Service Management.
  2. Click Add Service Instance and select Microsoft Azure.
  3. Add an Instance Name and click Done.
  4. Select the features you want to enable for your Azure account.
    • DLP. Use On-Demand Scans to examine cloud services for content that violates your policies and support targeted investigations. Enable On-Demand Scan to run your scan immediately or set the scan schedule to daily or weekly.
    • Activity Monitoring. Activity Monitoring allows forensic auditing and investigation of individual activities.
    • Security Configuration Audit. Security Configuration Audit allows your policy team to monitor and discover if your cloud services have been configured per industry best practices.
    • Vulnerabilities. Scans for Common Vulnerabilities and Exposures in container images.
  5. Review the mandatory Pre-requisites, click the checkbox, and click Next.
  6. Click Provide API Credentials.
    The Microsoft O365 (or Azure) login window appears.
  7. Enter your O365 (or Azure) credentials, or pick an existing account.
  8. Review the permissions and click Accept.
  9. API Access is Enabled. Click Next.
    Make sure you have configured the roles in MVISION Cloud.
  10. Select a Subscription ID from the list. Click Next.
  11. Select the Subscription Owner's email address to be notified of any Configuration Audit Policy violation incidents. Alternatively, you can manually enter an email address in the description box.
  12. Review your settings and click Save.

Azure is enabled in the Service Management page.
