Barracuda Cloud Security Guardian must be able to access your Azure subscription and tenant.
Beginning the Process
- Continuing from Step 1: Creating a Cloud Security Guardian Account, click Get Started with Azure.
- If you are not already on this page, follow these steps to get there:
- In Barracuda Cloud Security Guardian, in the left navigation menu, select Cloud Connections.
- Click Add Account to open the Barracuda Cloud Security Guardian connection wizard.
Click Manual Connection Method to display the required fields.
You will gather the information from Azure to make the entries in the wizard.
Creating a Service Principal Application
In a separate browser tab or window, open your Azure account.
In Azure, navigate to Azure Active Directory, then Manage > App registrations.
- Click New Registration. In the new window, enter the following information, then click Register.
- Name – Give this application a unique name that you will remember.
- Supported Account Types – Select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
When Azure has created the application, copy the following fields and paste them into Barracuda Cloud Security Guardian.
Copy Application ID; paste into the Application/Client ID field.
Copy Directory/Tenant ID; paste into the Directory/Tenant ID field.
Setting Permission for Your Application
In Azure App Registration, click View API Permission. Then click Add a Permission.
Select Azure Active Directory Graph. Select Delegated Permissions. Under User, select the following two permissions. Then click Add Permissions.
User.Read
User.Read.All
- On the same page, select Application Permissions. Under Directory, select Directory.Read.All. Click Add Permissions.
- Click Add a Permission, then select Microsoft Graph.
- Under Application Permission, search for Security. Under SecurityEvents, select SecurityEvents.Read.All. Then click Add Permissions.
Click Grant admin consent for your Subscription.
Creating the Service Principal Key
- Log into the Azure portal: https://portal.azure.com
- In the left menu, click All services. Then click Azure Active Directory.
- In the left menu of the Azure Active Directory page, click App registrations.
- Click on the registered app you created earlier in this process. The Registered app page opens.
- Click Certificates & secrets. The Certificates & secrets page opens.
- In the Client secrets section, click New client secret.
- The Add a client secret page opens. Specify the following:
- Description – Enter a name for the service principal key.
- Expires – Select Never expires.
- Click Add.
The key displays in the Value column. Click the copy icon to copy the key to your clipboard.
Locating Your Subscription ID
- In Azure, navigate to Subscriptions, then double-click on your subscription.
- Copy the Subscription ID. Switch to the browser tab running Barracuda Cloud Security Guardian and paste this value into the Subscription ID field.
Assigning the Contributor Role to Your New Application
- Select Access Control (IAM), then click Add to add permission.
- In the Add permissions window, select the following information, then click Save.
- Role – Reader
- Assign access to – Azure AD user, group, or service principal.
- Select – Select the application you created for use with Barracuda Cloud Security Guardian in Step 5 above.
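To confirm that the application holds only the Reader role selected above, the following added example (not Barracuda's code) audits the JSON printed by `az role assignment list --assignee <application-id> --all -o json`. The sample data, the placeholder IDs and the function name `audit_assignments` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `az role assignment list` JSON output.
# The subscription ID, principal ID and resource group name are placeholders.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.dumps([
    {"principalId": "11111111-1111-1111-1111-111111111111",
     "principalType": "ServicePrincipal",
     "roleDefinitionName": "Reader", "scope": SUB},
    {"principalId": "11111111-1111-1111-1111-111111111111",
     "principalType": "ServicePrincipal",
     "roleDefinitionName": "Contributor",
     "scope": SUB + "/resourceGroups/example-rg"},
])


def audit_assignments(raw_json, subscription_scope, expected_role="Reader"):
    """Return (has_expected, extras).

    has_expected: True if expected_role is assigned at the subscription scope.
    extras: every other (role, scope) pair the principal holds, which should
    be reviewed because the setup steps only call for Reader.
    """
    has_expected = False
    extras = []
    for assignment in json.loads(raw_json):
        role = assignment.get("roleDefinitionName", "")
        scope = assignment.get("scope", "").rstrip("/")
        # Azure resource IDs are case-insensitive, so compare scopes that way.
        if role == expected_role and scope.lower() == subscription_scope.lower():
            has_expected = True
        else:
            extras.append((role, scope))
    return has_expected, extras


if __name__ == "__main__":
    ok, extras = audit_assignments(SAMPLE, SUB)
    print("Reader at subscription scope:", ok)
    for role, scope in extras:
        print("unexpected assignment:", role, "at", scope)
```
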
Completing the Process
- In the Barracuda Cloud Security Guardian connection wizard, you should now have all of the field information entered. Click Add. Barracuda Cloud Security Guardian creates the connection to your Azure account.
The permissions might take a few minutes to apply. If you receive an error, review your information for accuracy and try submitting again.
Deployment takes about 10 minutes.
The wizard performs an initial scan of your cloud connection.
To continue getting started, refer to: