It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Cloud Security Guardian

Manually Adding a Cloud Service Account - Azure

  • Last updated on

Barracuda Cloud Security Guardian must be able to access your Azure subscription and tenant. 

Note: The preferred method of adding an Azure account to Barracuda Cloud Security Guardian is described in Step 2: Adding a Cloud Service Account - Azure. If you encounter issues when using the preferred method, you can use the method described on this page.


  • You must complete Step 1: Creating a Cloud Security Guardian Account - Azure before proceeding with this step.
  • Barracuda Cloud Security Guardian is automatically licensed for 30 days, as part of the free trial. After you purchase Barracuda Cloud Security Guardian, you must specify the license. Refer to License Management for details.
  • Note that part of the process described below, and the images accompanying it, are from Microsoft and are subject to change.
Beginning the Process
  1. Continuing from Step 1: Creating a Cloud Security Guardian Account, click Get Started with Azure.
     AzureConnection.png
  2. If you are not already on this page, follow these steps to get there:
    1. In Barracuda Cloud Security Guardian, in the left navigation menu, select Cloud Connections.
    2. Click Add Account to open the Barracuda Cloud Security Guardian connection wizard.
  3. Click Manual Connection Method to display the required fields.
    You will gather the information from Azure to make the entries in the wizard.

    AzureManual.png

    Throughout this process, you will be copying data from your Azure account and pasting it into the Barracuda Cloud Security Guardian connection wizard.
    Steps with the double-dagger symbol (‡) denote where copying occurs.
    If you choose, you can copy the data into a text file as an intermediate step.

    Creating a Service Principal Application   
  4. In a separate browser tab or window, open your Azure account.

  5. In Azure, navigate to Azure Active Directory, then Manage > App registrations.

          Step 4 - App registrations.png

  6. Click New Registration. In the new window, enter the following information, then click Register.
    1. Name – Give this application a unique name that you will remember.
    2. Supported Account Types   – Select Accounts in any organizational directory (Any Azure AD directory - Multitenant).

       Step 5 - Register an application.png

  7. ‡ When Azure has created the application, copy the following fields and copy them into Barracuda Cloud Security Guardian. 
    Copy Application ID;  paste into the Application/Client ID field .
    Copy Directory/Tenant ID;  paste into the Directory/Tenant ID  field. 

    Step 6 - copy Application ID and Directory ID.png

    Setting Permission for Your Application
  8. In Azure App Registration, click View API Permission. Then click Add a Permission.

    Step 7 - Add a permission.png

  9.  Select Azure Active Directory Graph. Select Delegated Permissions. Under User, select the following two permissions. Then click Add Permissions.

    • User.Read
    • User.Read.All
    Step 8 - Azure Active Directory Graph.png
    Step 8-2 User.Read.All.png
  10. On the same page, select Application Permissions. Under Directory, select Directory.Read.All. Click Add Permissions
    Step 9 - Directory.Read.All.png
  11. Click Add a Permission, then select Microsoft Graph
    Step 10 - Microsoft Graph.png

  12. Under Application Permission, search for Security. Under SecurityEvents, select SecurityEvents.read.All. Then click Add Permissions
      Step 11 - SecurityEvents.Read.All.png

  13. Click Grant admin consent for your Subscription.
    Step 12 - Admin Consent.png

    Creating the Service Principal Key
  14. Log into the Azure portal: https://portal.azure.com
  15. In the left menu, click All services. Then click Azure Active Directory
  16. In the left menu of the Azure Active Directory page, click App registrations.
  17. Click on the registered app you created earlier in this process. The Registered app page opens.
  18. Click Certificates & secrets. The Certificates & secrets page opens. 
  19. In the Client secrets section, click New client secret
    Step 18 - Certificates & secrets.png
  20. The Add a client secret page opens. Specify the following:
    • Description – Enter a name for the service principal key.
    • Expires – Select Never expires
      Step 19 - Add a client secret.png
  21. Click Add
  22. The key displays in the Value column. Click the copy icon copy.png to copy the key to your clipboard.

    Important: You must copy the key before reloading the page because after you reload the page, the key no longer displays.

    Locating Your Subscription ID
  23. In Azure, navigate to Subscriptions, then double-click on your subscription.
    Step 22 - Subscriptions.png
  24.  Copy the Subscription ID. Switch to the browser tab running Barracuda Cloud Security Guardian and paste this value into the Subscription ID field.

    Assigning the Contributor Role to Your New Application
  25. Select Access Control (IAM), then click Add to add permission.
    Step 24.png
  26. In the Add permissions window, select the following information, then click Save.
    • Role – Reader
    • Assign access to – Azure AD user, group, or service principal.
    • Select – Select the application you created for use with Barracuda Cloud Security Guardian in Step 5 above.
      Step 25.png


    Completing the Process

  27. In the Barracuda Cloud Security Guardian connection wizard, you should now have all of the field information entered. Click Add. Barracuda Cloud Security Guardian creates the connection to your Azure account.
    The permissions might take a few minutes to apply. If you receive an error, review your information for accuracy and try submitting again. 

 

Deployment takes about 10 minutes.

The wizard performs an initial scan of your cloud connection. 

To continue getting started, refer to: