We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Cloud Security Guardian

Step 2: Adding a Cloud Service Account - Azure

  • Last updated on

Barracuda Cloud Security Guardian must be able to communicate with your Cloud Service account. Perform the following steps to enable communication.

Important: Ensure that the administrator adding the account is a Global Administrator.

  • You must complete Step 1: Creating a Cloud Security Guardian Account - Azure before proceeding with this step.
  • Barracuda Cloud Security Guardian is automatically licensed for 30 days, as part of the free trial. After you purchase Barracuda Cloud Security Guardian, you must specify the license. Refer to Licenses for details.
  • Note that part of the process described below, and the images accompanying it, are from Microsoft and are subject to change.
Beginning the Process
  1. Continuing from Step 1: Creating a Cloud Security Guardian Account, click Get Started with Azure.
    If you are not already at this screen follow these steps to get there:
    1. In Barracuda Cloud Security Guardian, navigate to Settings > Cloud Service Providers.
    2. Click Add Account to open the Barracuda Cloud Security Guardian onboarding wizard.
  2. The Add Azure Account window displays. You will need to gather the information from Azure to make the entries in the wizard.

    Throughout this process, you will be copying data from your Azure account and pasting it into the Barracuda Cloud Security Guardian onboarding wizard.
    Steps with the double-dagger symbol (‡) denote where copying occurs.
    If you choose, you can copy the data into a text file as an intermediate step.

  3. In a separate browser tab or window, open your Azure account.

    Creating a Service Principle Application
  4. In Azure, navigate to Azure Active Directory, then Manage > App registrations.
  5. Click New Registration. In the new window, enter the following information, then click Register.
    1. Name – Give this application a unique name that you will remember.
    2. Supported Account Types   – Select Accounts in any organizational directory (Any Azure AD directory - Multitenant).
    3. Redirect URI  – The base URL for your Barracuda Cloud Security Guardian application. Switch to the browser tab with running Barracuda Cloud Security Guardian and copy the portion of the URL up to and including the .com, and paste it into this field in the Azure tab. This is often https://csg.barracudanetworks.com


  6. When Azure has created the application, copy the Application ID and paste it into the Application/Client ID field in Barracuda Cloud Security Guardian.

    Setting Permission for Your Application
  7. In Azure App Registration, click View API Permission. Then click Add a Permission.

  8.  Select Azure Active Directory Graph. Select Delegated Permissions. Under User, select the following two permissions. Then click Add Permissions.

    • User.Read
    • User.Read.All
  9. On the same page, select Application Permissions. Under Directory, select Directory.Read.All. Click Add Permissions.
  10. Click Add Permissions, then select Microsoft Graph.
  11. Under Application Permission, search for Security. Under SecurityEvents, select SecurityEvents.read.All
    Then click Add Permissions

  12. Click Grant admin consent for your Subscription.

    Creating the Service Principal Key
  13. Log into the Azure portal: https://portal.azure.com
  14. In the left menu, click All services. Then click Azure Active Directory
  15. In the left menu of the Azure Active Directory page, click App registrations.
  16. Click on the registered app you created earlier in this process. The Registered app page opens.
  17. Click Certificates & secrets. The Certificates & secrets page opens. 
  18. In the Client secrets section, click New client secret
  19. The Add a client secret page opens. Specify the following:
    • Description – Enter a name for the service principal key.
    • Expires – Select Never expires. 
  20. Click Add
  21. The key displays in the Value column. Click the copy icon copy.png to copy the key to your clipboard.

    Important: You must copy the key before reloading the page because after you reload the page, the key no longer displays.

    Locating Your Subscription ID
  22. In Azure, navigate to Subscriptions, then double-click on your subscription.
  23.  Copy the Subscription ID. Switch to the browser tab running Barracuda Cloud Security Guardian and paste this value into the Subscription ID field.

    Assigning the Contributor Role to Your New Application
  24. Select Access Control (IAM), then click Add to add permission.
  25. In the Add permissions window, select the following information, then click Save.
    • Role – Contributor
    • Assign access to – Azure AD user, group, or service principal.
    • Select – Select the application you created for use with Barracuda Cloud Security Guardian in Step 5 above.

     Navigate to Active directory, then Manage > Properties. Copy the Directory ID. On the browser tab running Barracuda Cloud Security Guardian, paste this information into the Directory/Tenant ID field.

    Completing the Process

  26. In the Barracuda Cloud Security Guardian onboarding wizard, you should now have all of the field information entered. Click Add. Barracuda Cloud Security Guardian creates the connection to your Azure account.

Deploying the stack takes about 10 minutes.

The setup wizard continues to enable Security & Compliance. To perform this setup, continue to Step 3: Enabling Security and Compliance - Azure.


Last updated on