Connecting Vanta & Azure

Note: If you connected Azure to Vanta prior to October 1, 2021, you'll need to reconnect Azure to Vanta to avoid any service interruptions, because Azure is migrating apps from Azure Active Directory Graph to Microsoft Graph. You can find more information about the migration in this article from Microsoft.

 

Prerequisites

  • Organization Administrator or Global Administrator access in Azure
  • Administrator Access in Vanta

 

Integrating with Azure

  • From the left-hand navigation panel, select Integrations
  • Select the Available tab, and search for Azure 
  • Select Connect


  • The toggle for Microsoft Azure will already be enabled and greyed out
    • Note: If you use Microsoft Defender for Cloud for vulnerability scanning, enable Microsoft Defender for Cloud so that Vanta can view and populate the Vulnerabilities page. Hover over the tooltip for more information.
       
  • Click the Next button



 

Creating Vanta App Registration

  • Click App Registration to navigate to Azure Active Directory.


 

  • Select New registration.


 

  • Name the new application Vanta and click Register at the bottom of the page.   


 

  • Copy the Application ID and Directory ID from Azure, and paste these into the fields in Vanta

 

Creating Vanta Client Secret

  • Click Next for steps on how to create the client secret.


 

  • In Azure, navigate to Certificates & secrets. Click 'New client secret'.
  • In the fly-out menu, add the description Vanta and select 24 Months for the expiration
  • Click Add


  • Copy the key under 'Value' using the clipboard icon, then paste it into the Client secret value box in Vanta.
    Important: Once you leave this page in Azure, you'll no longer be able to copy the secret key. Make sure to copy it before navigating away.



Creating API Permissions

  • Click Next to Add API permissions


  • In Azure, navigate to API Permissions. Select 'Add a permission', then select "Microsoft Graph" from the fly-out menu.


  • Select Application Permissions.
    Use the search bar to filter for Directory, then check the "Directory.Read.All" permission.
  • Click "Add permissions"


 

  • Click Grant admin consent, and click Yes when prompted to grant requested permissions.


 

Setting Subscription ID

  • In Vanta, click Next for steps to provide your subscription.
  • Click on the 'Subscriptions' hyperlink on this page, or navigate to Subscriptions in Azure
  • Copy the Subscription ID and paste it into the 'Subscription ID' field in Vanta, then click Next.


 

Create IAM Role

  • In Azure, click on your subscription, navigate to Access Control (IAM), and click Add to add a role assignment.


  • Search for 'Reader' in the search box. Click to select it, then click the Members tab at the top.


  • For 'Assign access to' select Azure AD user, group, or service principal.
  • Click '+Select Members', then search for the app named 'Vanta'.
    Select the Vanta app.


  • After selecting your app, click Review + Assign at the bottom to assign the role.


  • If the connection is complete, a successful connection notification will display. If there are errors, an error message will provide additional details on what went wrong.

     
  • Navigate back to Vanta and click 'Next'. Please note, it may take a few moments for the changes to register, and you may need to try this more than once if you receive an error message initially.

  • The Azure integration is now complete! The integration will now load in all your resources.
    This might take a moment depending on how many resources need to be fetched. You may skip this step and let Vanta complete the scan in the background by clicking the 'Done' button.

    Once the scan is complete, you can navigate back to Integrations at any time to finish configuring the scope.
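
The steps above give the Vanta app one Microsoft Graph application permission (Directory.Read.All), the Reader role on one subscription, and a client secret that expires. The following read-only check compares a registration against that baseline; it is an added example, not Vanta's or Microsoft's code. It assumes JSON in the shape printed by `az ad app show` and `az role assignment list`; the function name, sample data and subscription ID are constructed.

```python
from datetime import datetime, timedelta, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"        # Microsoft Graph
DIRECTORY_READ_ALL = "7ab1d382-f21e-4acd-a863-ba3e13f7da61"  # Directory.Read.All, application permission

def audit_vanta_app(app, assignments, subscription_id, now, warn_days=60):
    """Return findings where the registration differs from what the steps above configure."""
    findings = []
    expected_perm = (GRAPH_APP_ID, DIRECTORY_READ_ALL, "Role")  # "Role" = application permission
    requested = {(res["resourceAppId"], perm["id"], perm["type"])
                 for res in app.get("requiredResourceAccess", [])
                 for perm in res.get("resourceAccess", [])}
    if expected_perm not in requested:
        findings.append("missing: Directory.Read.All application permission")
    for api, perm_id, kind in sorted(requested - {expected_perm}):
        findings.append(f"extra API permission: {perm_id} ({kind}) on {api}")

    expected_role = ("Reader", f"/subscriptions/{subscription_id}".lower())
    roles = {(a["roleDefinitionName"], a["scope"].lower()) for a in assignments}
    if expected_role not in roles:
        findings.append("missing: Reader on the subscription")
    for role, scope in sorted(roles - {expected_role}):
        findings.append(f"extra role assignment: {role} at {scope}")

    for cred in app.get("passwordCredentials", []):
        # Keep only whole seconds so any fractional-second precision parses.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        if end - now < timedelta(days=warn_days):
            findings.append(f"client secret '{cred.get('displayName')}' expires {end:%Y-%m-%d}")
    return findings

# Constructed sample data (not from a real tenant).
SAMPLE_SUB = "11111111-2222-3333-4444-555555555555"
SAMPLE_APP = {
    "displayName": "Vanta",
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": DIRECTORY_READ_ALL, "type": "Role"}]}],
    "passwordCredentials": [{"displayName": "Vanta", "endDateTime": "2025-03-08T04:31:34Z"}],
}
SAMPLE_ASSIGNMENTS = [
    {"roleDefinitionName": "Reader", "scope": f"/subscriptions/{SAMPLE_SUB}"},
    {"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SAMPLE_SUB}/resourceGroups/rg-demo"},
]

if __name__ == "__main__":
    for finding in audit_vanta_app(SAMPLE_APP, SAMPLE_ASSIGNMENTS, SAMPLE_SUB,
                                   now=datetime(2025, 2, 1, tzinfo=timezone.utc)):
        print(finding)
```

`requiredResourceAccess` lists the permissions the app requests, so admin consent still has to be confirmed on the API permissions page.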

     