Microsoft Azure - Add Tag to Cloud Instance

Updated on 01 Feb 2024
2 Minutes to read

Print
Share
Dark
Light
PDF

Article Summary

Share feedback

Thanks for sharing your feedback!

Microsoft Azure - Add Tag to Cloud Instance adds a tag to those Microsoft Azure cloud instances for:

Assets that match the results of the selected saved query, and match the Enforcement Action Conditions, if defined or assets selected on the relevant asset page.

See Creating Enforcement Sets to learn more about adding Enforcement Actions to Enforcement Sets.

General Settings

Enforcement Set name (required) - The name of the Enforcement Set. A default value is added by Axonius. You can change the name according to your needs.
Add description - Click to add a description of the Enforcement Set. It is recommended to describe what the Enforcement Set does.
Run action on assets matching following query (required) - Select an asset category and a query. The Enforcement Action will be run on the assets that match the query parameters.
- A query only returns results for the asset type it was created for.
- Not all asset categories are supported for all Enforcement Actions.
  - See Actions supported for Activity Logs, Adapters Fetch History, and Asset Investigation modules.
  - See Actions supported for Vulnerabilities.
  - See Actions supported for Software.
Action name (required) - The name of the Main action. A default value is added by Axonius. You can change the name according to your needs.
Configure Dynamic Values - Toggle on to enter a Dynamic Value statement. See Creating Enforcement Action Dynamic Value Statements to learn more about Dynamic Value statement syntax.

Required Fields

These fields must be configured to run the Enforcement Set.

Azure subscription ID - The Subscription ID access control role in IAM for the Axonius application, as detailed in the Required Permissions section.
Cloud environment (default: Azure Public Cloud) - Select your Azure cloud environment type.
Azure client ID - The Application ID of the Axonius application, as detailed in the Required Permissions section.
Azure client secret - A user created key for the Axonius application, as detailed in the Required Permissions section.
Azure tenant ID - Microsoft Azure Active Directory ID, as detailed in the Required Permissions section.
Tag names - The tag name to be added to the Microsoft Azure cloud instance.
- A tag name can have a maximum of 512 characters and is case-insensitive.
- Tag names cannot have the following prefixes which are reserved for Azure use: 'microsoft', 'azure', 'windows'.
Compute Node - The Axonius node to use when connecting to the specified host. For more details, see Connecting Additional Axonius Nodes.

Additional Fields

These fields are optional.

Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.
Tag values - The tag value to be added to the Microsoft Azure cloud instance.
* If the tag already exists on the cloud instances, its value will be overridden with the specified value.

APIs

Axonius uses the Microsoft Azure - Tags - Create Or Update API.

Required Permissions

To connect to Microsoft Azure, you need to create a designated Axonius application in the Microsoft Azure Portal and grant it read-only permissions. All required credentials will be given once an application is created. For details, see Creating an application in the Microsoft Azure Portal.

Using Add Tag to Microsoft Azure Cloud Instance action requires a role similar to "Tag Contributor" (build-in role). At the very least, read access to the relevant resources is required, along with the permission to read and write tags (microsoft.resource.tags).

For more details about other Enforcement Actions available, see Action Library.

Was this article helpful?

What's Next

Microsoft Entra ID (Azure AD) - Add or Remove Assets in Group

Table of contents

General Settings
Required Fields
Additional Fields
APIs
Required Permissions