Note: if you connected Azure to Vanta prior to October 1, 2021, you'll need to reconnect Azure to Vanta to avoid any service interruptions, due to Azure migrating apps from Azure Active Directory Graph to Microsoft Graph. You can find more information about the migration in this article from Microsoft.
Prerequisites
Organization Administrator or Global Administrator access in Azure
Administrator Access in Vanta
Integrating with Azure
From the left-hand navigation panel, select Integrations
Select the Available tab, and search for Azure
Select Connect
Choose the connection type for this integration
Subscription - Use this option if you have one or a few subscriptions as each will need to be linked individually
Tenant - Use this option if you have many subscriptions under one tenant
The toggle for Microsoft Azure will already be enabled and greyed out
Note: If you use Microsoft Defender for Cloud for vulnerability scanning, enable the Microsoft Defender for Cloud option so that Vanta can view and populate the Vulnerabilities page. Hover over the tooltip for more information.
Click the Next button
Setting Subscription ID
In Vanta, click Next for steps to provide your subscription.
Click on the 'Subscriptions' hyperlink on this page, or navigate to Subscriptions in Azure
Copy the Subscription ID and paste in the 'Subscription ID' field in Vanta, then click Next.
Creating Vanta App Registration
Click App Registration to navigate to Azure Active Directory.
Select New registration.
Name the new application Vanta and click Register at the bottom of the page.
Creating API Permissions
Click Next to Add API permissions
In Azure, navigate to API Permissions. Select 'Add a permission', then select "Microsoft Graph" from the flyout menu.
Select Application Permissions.
Use the search bar to filter for Directory, then check the "Directory.Read.All" permission. Click "Add permissions".
Click Grant admin consent, and click Yes when prompted to grant requested permissions.
Creating Vanta Client Secret
Click Next for steps on how to create the client secret.
In Azure, navigate to Certificates & secrets. Click 'New client secret'.
In the fly-out menu, add the description Vanta and select 24 Months for the expiration
Click Add.
Copy the key under 'Value' with the clipboard icon, then paste it in the Client secret value box in Vanta.
Important: Once you leave this page in Azure, you'll no longer be able to copy the secret key. Be sure to copy it before navigating away.
Create IAM Role
In Azure, click on your subscription, navigate to Access Control (IAM), and click Add to add a role assignment.
Search for 'Reader' in the search box. Click to select it, then click the Members tab at the top.
For 'Assign access to' select Azure AD user, group, or service principal.
Click '+Select Members', then search for the app named 'Vanta' (the application you created earlier).
Select the Vanta app
After selecting your app, click Review + Assign at the bottom to assign the role.
If the connection is complete, a successful connection notification will display. If there are errors, an error message will provide additional details on what went wrong.
Navigate back to Vanta and click 'Next'. Please note, it may take a few moments for the changes to register, and you may need to try this more than once if you receive an error message initially.
The Azure Integration is now complete! The integration will now load in all your resources.
This might take a moment depending on how many resources need to be fetched. You may skip this step and let Vanta complete the scan in the background by clicking the 'Done' button.
Once the scan is complete, you can navigate back to Integrations at any time to complete configuring the scope.
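The setup above gives the Vanta app one Graph application permission (Directory.Read.All), the Reader role on the subscription, and a client secret that expires. The following is an added example, not Vanta's or Microsoft's code, that checks an app registration against that baseline and reports drift or a secret nearing expiry. It assumes the Subscription connection type and inputs shaped like the JSON from `az ad app show` and `az role assignment list`; the sample data, the `audit` and `sample_app` names, and the 60-day warning window are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

GRAPH = "00000003-0000-0000-c000-000000000000"         # Microsoft Graph appId
DIR_READ_ALL = "7ab1d382-f21e-4acd-a863-ba3e13f7da61"  # Directory.Read.All (application)

def audit(app, assignments, subscription_id, now, warn_days=60):
    """Return findings where the app deviates from this guide; [] means no drift."""
    findings = []
    # API permissions: only Directory.Read.All as an application ("Role") permission.
    granted = {(r["resourceAppId"], p["id"], p["type"])
               for r in app.get("requiredResourceAccess", [])
               for p in r["resourceAccess"]}
    expected = (GRAPH, DIR_READ_ALL, "Role")
    if expected not in granted:
        findings.append("missing Directory.Read.All application permission")
    for api, perm, kind in sorted(granted - {expected}):
        findings.append(f"unexpected API permission {perm} ({kind}) on {api}")
    # RBAC: only the Reader role, assigned at the subscription itself.
    scope = f"/subscriptions/{subscription_id}".lower()
    if not any(a["roleDefinitionName"] == "Reader" and a["scope"].lower() == scope
               for a in assignments):
        findings.append("missing Reader role on the subscription")
    for a in assignments:
        if a["roleDefinitionName"] != "Reader":
            findings.append(f"unexpected role {a['roleDefinitionName']} at {a['scope']}")
    # Client secrets: report expired ones and those inside the warning window.
    for c in app.get("passwordCredentials", []):
        end = datetime.fromisoformat(c["endDateTime"].replace("Z", "+00:00"))
        if end <= now:
            findings.append(f"client secret '{c['displayName']}' expired")
        elif end - now <= timedelta(days=warn_days):
            findings.append(f"client secret '{c['displayName']}' expires in {(end - now).days} days")
    return findings

def sample_app(perm_id, secret_end):  # constructed sample, not real tenant output
    return {"requiredResourceAccess": [{"resourceAppId": GRAPH,
                "resourceAccess": [{"id": perm_id, "type": "Role"}]}],
            "passwordCredentials": [{"displayName": "Vanta", "endDateTime": secret_end}]}

SUB = "00000000-0000-0000-0000-000000000001"           # placeholder subscription ID
NOW = datetime(2025, 1, 15, tzinfo=timezone.utc)       # fixed clock for the sample
GOOD_RBAC = [{"roleDefinitionName": "Reader", "scope": f"/subscriptions/{SUB}"}]
DRIFTED_RBAC = [{"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SUB}"}]

if __name__ == "__main__":
    print(audit(sample_app(DIR_READ_ALL, "2026-12-01T00:00:00Z"), GOOD_RBAC, SUB, NOW))
    for finding in audit(sample_app("11111111-1111-1111-1111-111111111111",
                                    "2025-02-01T00:00:00Z"), DRIFTED_RBAC, SUB, NOW):
        print("FINDING:", finding)
```
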