Microsoft Azure
Overview
Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed data centers. The Microsoft Azure adapter fetches devices from the Microsoft Azure Cloud Environment.
Use cases the adapter solves
The Azure adapter allows Axonius users to evaluate their public cloud resources to ensure that they are correctly configured and managed, even across multiple tenants. Users can also leverage data from this adapter to modify software update deployments (including security agents).
Types of Assets Fetched
- Devices
- Vulnerabilities
- Roles
- Groups
- SaaS Applications
- Compute Services
- Application Services
- Networks
- Load Balancers
- Databases
- Containers
- Object Storage
- Network Services
- Accounts/Tenants
- Serverless Functions
- Disks
- Compute Images
- Secrets
- Certificates
- Network/Firewall Rules
- Alerts/Incidents
- Application Resources
- Configurations
For the full list of asset types and services this adapter fetches, see Microsoft Azure Services Fetched as Assets.
Data Retrieved from Microsoft Azure
The Microsoft Azure adapter collects a broad range of cloud asset and configuration data from Azure. By default, the adapter retrieves information from the following resource types and their associated child objects:
- Virtual Machines (VMs) – metadata, instance details, OS information, networking configuration, attached disks
- Virtual Networks (VNets) & Network Security Groups (NSGs) – subnets, IP configurations, security rules, associations
- Azure SQL Servers & Databases – server properties, database configurations, network and security settings
- Load Balancers – front-end IP configurations, backend pools, health probes, rules
- Storage Accounts – account properties, encryption settings, network access configurations
- Key Vaults – vault metadata, access policies, networking restrictions
- Azure Cache for Redis – instance properties, networking, configuration settings
- Azure Kubernetes Service (AKS) – cluster properties, node pools, configurations
Before You Begin
Authentication Methods
You can connect the adapter using one of the following authentication methods:
- Enterprise Application (Client ID / Client Secret) – Recommended for most scenarios.
- Enterprise Application (Certificate) – Provides certificate-based authentication.
Required Permissions
The following roles are mandatory for all authentication methods:
- Reader (Management Group and/or Subscription level)
- Directory Reader
Additional Permissions
These roles and permissions are required only if you want to fetch specific Azure services.
Roles:
- Key Vault Crypto Officer
Permissions:
- Microsoft.KeyVault/vaults/keys/read
- Microsoft.KeyVault/vaults/keys/update/action
- Microsoft.KeyVault/vaults/keys/create/action
- Microsoft.KeyVault/vaults/keys/import/action
- Microsoft.KeyVault/vaults/keys/recover/action
- Microsoft.KeyVault/vaults/keys/restore/action
- Microsoft.KeyVault/vaults/keys/delete
- Microsoft.KeyVault/vaults/keys/backup/action
- Microsoft.KeyVault/vaults/keys/purge/action
- Microsoft.KeyVault/vaults/keys/encrypt/action
- Microsoft.KeyVault/vaults/keys/decrypt/action
- Microsoft.KeyVault/vaults/keys/wrap/action
- Microsoft.KeyVault/vaults/keys/unwrap/action
- Microsoft.KeyVault/vaults/keys/sign/action
- Microsoft.KeyVault/vaults/keys/verify/action
- Microsoft.KeyVault/vaults/keys/release/action
- Microsoft.KeyVault/vaults/keys/rotate/action
More Information About This Adapter
- Deploying the Azure Adapter
- Advanced Settings
- Microsoft Azure Services Fetched as Assets
- Related Enforcement Actions
