Microsoft Azure - Add Tag to Cloud Instance
  • 01 Feb 2024
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Microsoft Azure - Add Tag to Cloud Instance

  • Dark
    Light
  • PDF

Article summary

Microsoft Azure - Add Tag to Cloud Instance adds a tag to those Microsoft Azure cloud instances for:

  • Assets that match the results of the selected saved query, and match the Enforcement Action Conditions, if defined or assets selected on the relevant asset page.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

Note:

General Settings

  • Action name - The name of this Enforcement Action. The system sets a default name. You can change the name.
  • Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Required Fields

These fields must be configured to run the Enforcement Set.

  • Azure subscription ID - The Subscription ID access control role in IAM for the Axonius application, as detailed in the Required Permissions section.
  • Cloud environment (default: Azure Public Cloud) - Select your Azure cloud environment type.
  • Azure client ID - The Application ID of the Axonius application, as detailed in the Required Permissions section.
  • Azure client secret - A user created key for the Axonius application, as detailed in the Required Permissions section.
  • Azure tenant ID - Microsoft Azure Active Directory ID, as detailed in the Required Permissions section.
  • Tag names - The tag name to be added to the Microsoft Azure cloud instance.
    • A tag name can have a maximum of 512 characters and is case-insensitive.
    • Tag names cannot have the following prefixes which are reserved for Azure use: 'microsoft', 'azure', 'windows'.
  • Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.

Additional Fields

These fields are optional.

  • Verify SSL (optional) - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
  • Tag values - The tag value to be added to the Microsoft Azure cloud instance.
    * If the tag already exists on the cloud instances, its value will be overridden with the specified value.

APIs

Axonius uses the Microsoft Azure - Tags - Create Or Update API.

Required Permissions

To connect to Microsoft Azure, you need to create a designated Axonius application in the Microsoft Azure Portal and grant it read-only permissions. All required credentials will be given once an application is created. For details, see Creating an application in the Microsoft Azure Portal.

Using Add Tag to Microsoft Azure Cloud Instance action requires a role similar to "Tag Contributor" (build-in role). At the very least, read access to the relevant resources is required, along with the permission to read and write tags (microsoft.resource.tags).


For more details about other Enforcement Actions available, see Action Library.


Was this article helpful?