Barracuda Cloud Security Guardian must be able to communicate with your Cloud Service account. Perform the following steps to enable communication.
If you prefer, you can set up communication through the Azure Command Line Interface. Refer to Using the Command Line Interface (CLI).
Beginning the Process
- Continuing from Step 1: Creating a Cloud Security Guardian Account, click Get Started with Azure.
If you are not already at this screen follow these steps to get there:
- In Barracuda Cloud Security Guardian, navigate to Settings > Cloud Service Providers.
- Click Add Account to open the Barracuda Cloud Security Guardian onboarding wizard.
The Add Azure Account window displays. You will need to gather the information from Azure to make the entries in the wizard.
In a separate browser tab or window, open your Azure account.
Creating a Service Principle
In Azure, navigate to Azure Active Directory, then Manage > App registrations.
- Click New Application Registration. In the new window, enter the following information, then click Create.
- Name – Give this application a unique name that you will remember.
- Application Type – Usually Web Application
Sign-on URL – The base URL for your Barracuda Cloud Security Guardian application. Switch to the browser tab with running Barracuda Cloud Security Guardian and copy the portion of the URL up to and including the .com, and paste it into this field in the Azure tab. This is often
‡ When Azure has created the application, copy the Application ID and paste it into the Application/Client ID field in Barracuda Cloud Security Guardian.
Creating the Keys
- In Azure, close the current window. Under Manage > App registrations, open the new application you just created. It will likely be at the bottom of the list.
- Click Settings. In the Settings panel, click Keys.
- In the Keys panel, under Passwords, enter a Description of your key (usually correlated with the application name) and select the Duration you want for the key. Then click Save.
‡ Azure automatically generates a key Value. Copy the value from here and enter it in Barracuda Cloud Security Guardian as the Secret Key. Close the Key window.
Setting Permission for your Application
In Azure Settings, click Required Permissions. Then click Windows Azure Active Directory.
- In the Enable Access window, enable the following permissions, then click Save.
- Read directory data
- Read all users' full profiles
- Sign in and read user profile
Read your Organization’s Security Events
- Application Permissions
- Under Required Permissions, click Add.
In the Select an API section, select Microsoft Graph.
In the Enable Access section, select Read your organization's security events. Click Select, then click Done.
When you are asked if you are sure about granting permissions, click Yes.
Locating your Subscription ID
- In Azure, navigate to Subscriptions, then double-click on your subscription.
‡ Copy the Subscription ID. Switch to the browser tab running Barracuda Cloud Security Guardian and paste this value into the Subscription ID field.
Assigning the Contributor Role to your New Application
- Select Access Control (IAM), then click Add to add permission.
- In the Add permissions window, select the following information, then click Save.
- Role – Contributor
- Assign access to – Azure AD user, group, or service principal.
- Select – Select the application you created for use with Barracuda Cloud Security Guardian in Step 5 above.
Completing the Process
- In the Barracuda Cloud Security Guardian onboarding wizard, you should now have all of the field information entered. Click Add. Barracuda Cloud Security Guardian creates the connection to your Azure account.
Deploying the stack takes about 10 minutes.
The setup wizard continues to enabling Security & Compliance. To perform this setup, continue to Step 3: Enabling Security and Compliance - Azure.