- 16 Mar 2023
Microsoft Azure - Add Tag to Cloud Instance
- Updated on 16 Mar 2023
Microsoft Azure - Add Tag to Cloud Instance takes the saved query supplied as a trigger (or devices that have been selected in the asset table) and adds a tag to those Microsoft Azure cloud instances.
See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.
General Settings
- Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
- Add description (optional) - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
- Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
  - A query only returns results for the asset type it was created for.
  - Not all asset categories are supported for all Enforcement Actions.
  - See Actions supported for Activity Logs and Adapter Fetch History Modules
- Action name - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
- Configure Action Conditions - Toggle on to enter a condition statement. See Configuring Enforcement Action Conditions to learn more about condition statement syntax.
Connection Settings
- Azure subscription ID (required) - The Subscription ID access control role in IAM for the Axonius application, as detailed in the Required Permissions section.
- Azure client ID (required) - The Application ID of the Axonius application, as detailed in the Required Permissions section.
- Azure client secret (required) - A user-created key for the Axonius application, as detailed in the Required Permissions section.
- Azure tenant ID (required) - Microsoft Azure Active Directory ID, as detailed in the Required Permissions section.
- Cloud environment (required, default: Azure Public Cloud) - Select your Azure cloud environment type.
- Verify SSL (required, default: False) - Verify the SSL certificate offered by the selected Microsoft Azure cloud environment. For more details, see SSL Trust & CA Settings.
  - If enabled, the SSL certificate offered by the selected Microsoft Azure cloud environment will be verified against the CA database inside of Axonius. If the SSL certificate cannot be validated against the CA database inside of Axonius, the connection will fail with an error.
  - If disabled, the SSL certificate offered by the selected Microsoft Azure cloud environment will not be verified against the CA database inside of Axonius.
- HTTPS Proxy (optional, default: empty) - A proxy to use when connecting to the selected Microsoft Azure cloud environment.
  - If supplied, Axonius will utilize the proxy when connecting to the selected Microsoft Azure cloud environment.
  - If not supplied, Axonius will connect directly to the selected Microsoft Azure cloud environment.
Action Settings
- Tag name (required) - The tag name to be added to the Microsoft Azure cloud instance.
  - A tag name can have a maximum of 512 characters and is case-insensitive.
  - Tag names cannot have the following prefixes which are reserved for Azure use: 'microsoft', 'azure', 'windows'.
- Tag value (optional, default: empty) - The tag value to be added to the Microsoft Azure cloud instance.
  - If the tag already exists on the cloud instances, its value will be overridden with the specified value.
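A pre-flight check for the Tag name rules and the override behaviour listed above, as an added example (not Axonius or Microsoft code). The function names and sample tags are hypothetical, and keeping the existing key's casing on a case-insensitive match is an assumption of this example.

```python
# Added example: pre-flight check for the Tag name rules on this page.
RESERVED_PREFIXES = ("microsoft", "azure", "windows")  # reserved for Azure use
MAX_TAG_NAME_LEN = 512  # maximum tag name length stated on this page


def validate_tag_name(name):
    """Return a list of rule violations; an empty list means the name passes."""
    if not name:
        return ["tag name is required"]
    problems = []
    if len(name) > MAX_TAG_NAME_LEN:
        problems.append(f"tag name has {len(name)} characters, maximum is {MAX_TAG_NAME_LEN}")
    # Tag names are case-insensitive, so compare prefixes in lower case.
    for prefix in RESERVED_PREFIXES:
        if name.lower().startswith(prefix):
            problems.append(f"tag name starts with reserved prefix '{prefix}'")
    return problems


def apply_tag(existing_tags, name, value=""):
    """Return the instance's tags as they would look after the action runs.

    Assumption of this example: on a case-insensitive match the existing
    key's casing is kept and only the value is overridden.
    """
    problems = validate_tag_name(name)
    if problems:
        raise ValueError("; ".join(problems))
    merged = dict(existing_tags)
    for key in merged:
        if key.lower() == name.lower():
            merged[key] = value  # existing tag: value is overridden
            return merged
    merged[name] = value  # new tag; value defaults to empty
    return merged


if __name__ == "__main__":
    # Constructed sample tags for one cloud instance.
    current = {"Owner": "team-a", "env": "prod"}
    for candidate in ("quarantine", "owner", "Azure-managed", "x" * 513):
        try:
            print(candidate[:20], "->", apply_tag(current, candidate, "secops"))
        except ValueError as err:
            print(candidate[:20], "-> rejected:", err)
```

Running the check against the query results before saving the Enforcement Set shows which instances would have an existing tag value replaced.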
APIs
Axonius uses the Microsoft Azure - Tags - Create Or Update API.
Required Permissions
To connect to Microsoft Azure, you need to create a designated Axonius application in the Microsoft Azure Portal and grant it read-only permissions. All required credentials will be given once an application is created. For details, see Creating an application in the Microsoft Azure Portal.
Using the Add Tag to Microsoft Azure Cloud Instance action requires a role similar to "Tag Contributor" (built-in role). At the very least, read access to the relevant resources is required, along with the permission to read and write tags (microsoft.resource.tags).
For more details about other Enforcement Actions available, see Action Library.