# Microsoft Azure

This app allows you to synchronize your Microsoft Azure assets into Badrap and receive security notifications about them. The app fetches a list of your organization's public IP addresses from your Azure installation with your consent, and adds those assets under your Badrap user account.

# Install the Azure app in Badrap

Anyone can install the Azure app in Badrap, but you will need Global Administrator, Application Administrator or Cloud Application Administrator level privileges to enable the app to access your Azure installation and to list your assets from there. If you do not have administrator role privileges, refer your administrator to these instructions and ask them to help you with the app configuration.

  1. Open the Azure app page.
  2. The app asks for your consent to create & manage new assets. Click Install the app.

The Azure app is now installed. Next, create a service principal for the app in your Azure installation and enter its configuration details in the app settings. You can do this either by using the Azure CLI (incredibly easy) or your Azure Portal (still easy).

# Using the Azure CLI

Note that installing the Azure CLI on your computer is outside the scope of this guide. You can use Microsoft's Azure CLI installation instructions to get started if you haven't installed it previously.

  1. Log into Azure using your Azure CLI utility:

     ```
     az login
     ```

  2. List your subscription details:

     ```
     az account show
     ```

     The listing will look like this:

     ```
     {
       "environmentName": "AzureCloud",
       "homeTenantId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
       "id": "11111111-2222-3333-4444-555555666666",
       "isDefault": true,
       "managedByTenants": [],
       "name": "Pay-As-You-Go",
       "state": "Enabled",
       "tenantId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
       "user": {
         "name": "adminroleuser@example.com",
         "type": "user"
       }
     }
     ```

     Make a note of the `id` field value (subscription ID) for the next step.

  3. Use the `az ad sp` command to create an application as a service principal with Reader role privileges. Substitute `{subscription_id}` in the example below with the `id` value you noted down previously. Note that the `--name` parameter is optional and you can define any name you want for the service principal.

     ```
     az ad sp create-for-rbac --role "Reader" --scopes /subscriptions/{subscription_id} --name http://BadrapAzureApp
     ```

     The output will look like this:

     ```
     Creating 'Reader' role assignment under scope '/subscriptions/11111111-2222-3333-4444-555555666666'
       Retrying role assignment creation: 1/36
     The output includes credentials that you must protect. Be sure that you do not include these credentials in your code or
     check the credentials into your source control. For more information, see https://aka.ms/azadsp-cli
     {
       "appId": "aabbccdd-1122-3344-5566-eeeeffff7777",
       "displayName": "BadrapAzureApp",
       "name": "http://BadrapAzureApp",
       "password": "****************************",
       "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
     }
     ```

  4. Under your Badrap Azure app settings, add your account details.
  5. Copy the `tenant`, `appId` and `password` values into the app settings:
     - Tenant ID: `tenant`
     - Application ID: `appId`
     - Client Secret: `password`
  6. Within a few minutes of configuring the Badrap Azure app, you should see a listing of your Azure assets under My Assets.
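To confirm that the service principal holds nothing beyond the Reader role this guide assigns, you can audit its role assignments. The following is an added example, not Badrap's or Microsoft's code: it assumes the input is the JSON list printed by `az role assignment list --assignee {appId} --all --output json`, and the function name and sample records are constructed for illustration.

```python
import json

EXPECTED_ROLE = "Reader"  # the role this guide assigns to the service principal


def audit_assignments(assignments, subscription_id):
    """Return a list of findings for a service principal's role assignments.

    `assignments` is the parsed JSON list printed by
    `az role assignment list --assignee <appId> --all --output json`.
    """
    expected_scope = f"/subscriptions/{subscription_id}".lower()
    findings = []
    has_expected = False
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        # Azure scopes are case-insensitive; normalise before comparing.
        scope = a.get("scope", "").rstrip("/").lower()
        in_subscription = (scope == expected_scope
                           or scope.startswith(expected_scope + "/"))
        if role != EXPECTED_ROLE:
            findings.append(f"unexpected role {role!r} at {a.get('scope')}")
        elif not in_subscription:
            findings.append(f"Reader granted outside the subscription: {a.get('scope')}")
        elif scope == expected_scope:
            has_expected = True
    if not has_expected:
        findings.append("no Reader assignment at the subscription scope")
    return findings


# Constructed sample data; the IDs are the placeholder values used in this guide.
SUBSCRIPTION_ID = "11111111-2222-3333-4444-555555666666"
SAMPLE_OK = json.loads("""[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/11111111-2222-3333-4444-555555666666"}
]""")
SAMPLE_DRIFTED = json.loads("""[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/11111111-2222-3333-4444-555555666666"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/11111111-2222-3333-4444-555555666666/resourceGroups/rg-example"},
  {"roleDefinitionName": "Reader", "scope": "/"}
]""")

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("drifted", SAMPLE_DRIFTED)):
        print(name, audit_assignments(sample, SUBSCRIPTION_ID) or "no findings")
```

An empty result means the principal has exactly the read-only access described above; any finding is worth reviewing before you store the client secret in the app settings.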

# Using Azure Portal

  1. Log into your Azure Portal. Select Azure Active Directory from the sidebar.
  2. Go to App Registrations.
  3. Click New registration. Enter the following details:
     - Name: Badrap Azure App
     - Supported Account Types: Accounts in this organizational directory only (your organization only)
     - Redirect URI (optional): leave blank
  4. Click Register to complete the new app registration.
  5. Now, give Reader permissions to the application. Go to Subscriptions via the Azure Portal top search bar or via the left sidebar.
  6. Choose the subscription you want to use.
  7. Select Access Control (IAM) in the subscription page.
  8. Click Add and select Add role assignment.
  9. For "Role", select Reader. For "Assign access to", select User, group or service principal.
  10. In the Select menu, type the name of the application you created in the previous step (e.g. "Badrap Azure App") and click on the search result. The app should now appear in the "Selected members" list. Then click Save.
  11. Under App Registrations, select the application you created.
  12. Note down the Directory (tenant) ID and Application (client) ID values.
  13. Under the same app, select Certificates and Secrets in the Manage menu.
  14. Under "Client secrets", click on New Client Secret.
  15. For the description field, you can use e.g. badrapClientSecret. Select a suitable time for expiration (e.g. one year), and click Add.
  16. Note down the Value field from the generated client secret.
  17. Under your Badrap Azure app settings, add a new account. Copy the Directory (tenant) ID, Application (client) ID and client secret values you noted down earlier into the Badrap Azure app settings.
  18. Click Add account to save your settings.
  19. Within a few minutes of configuring the app, you should see a listing of your Azure assets under My Assets.

# Uninstalling the app

If you want to stop using the Badrap Azure app, you should uninstall it from your Badrap Azure app page. Then you can clean up the app configuration from your Azure AD installation using either Azure CLI or your Azure Portal dashboard.

# Cleaning up via Azure CLI

  1. If you want to clean up your Azure configuration using the Azure CLI, just delete the service principal with the `az ad sp delete` command:

     ```
     az ad sp delete --id http://BadrapAzureApp
     ```

     The output of the command should look like this:

     ```
     Removing role assignments
     ```

You've now successfully cleaned up your Azure configuration.

# Cleaning up via Azure Portal

  1. If you want to clean up your Azure configuration using your Azure Portal, first log into the portal and select Azure Active Directory from the sidebar.
  2. Navigate to App Registrations.
  3. Click on the app that you created earlier, e.g. "Badrap Azure App".
  4. Select Delete from the actions at the top.
  5. This action will disable the app registration and move the app under the Deleted applications list on the App Registrations page.
  6. To delete the app registration and all its dependencies permanently, go to "Deleted applications", select the application (e.g. "Badrap Azure App"), and then choose Delete permanently.

You've now successfully cleaned up your Azure configuration.