Lucidum’s cyber beard is thriving! A Rising in Cyber 2025 Honoree! See the wisdom behind the whiskers → [Learn More!]

Lucidum’s cyber beard is thriving! A Rising in Cyber 2025 Honoree! See the wisdom behind the whiskers → [Learn More!]
View Categories

Microsoft Azure

Estimated Reading Time: 6 min read

What is Microsoft Azure? #

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed data.

Why Should You use the Microsoft Azure Connector? #

Lucidum uses the Microsoft Azure connector to retrieve data from Microsoft Azure virtual machines and Azure services, including Azure Active Directory, Azure Blob Storage, Azure Cosmos DBs, and Azure SQL DBs.

  • ensure virtual machines and services are managed per your security policies

  • monitor each endpoint and its status

How Does This Connector Work? #

Lucidum executes read-only requests to the REST API for Microsoft Azure and ingests only meta-data about Azure instances and services. Lucidum does not retrieve any data stored on your systems.

Prerequisite: Creating an Azure Application #

Before configuring the Microsoft Azure connector in Lucidum, you must a create a read-only application in Azure Active Directory that allows Lucidum to retrieve information from Azure.

Creating a Client in Microsoft Azure (5 minutes) #

1. Log in to the Azure Portal (https://portal.azure.com/ ) with an Azure AD global administrator account.
  • https://portal.azure.com/
  • Log in with an Azure AD global administrator account
  • NOTE: Do not log in with the Application Administrator account. This Application Administrator account does not have the required privileges.
2. Click Home > Microsoft Entra ID.
  • If you have more than one directory, make sure you are logged in to the directory you want to access with Lucidum.
3. In Overview page:
  • In the Left pane click App registrations
  • In the Main pane click New registration
4. In the Register an application page:
  • Name. Name of the new application (for example, lucidum_connector_app).
  • Click Accounts in this organizational directory only
  • Click Register
5. In the <app name> page
  • Note and copy Application (client) ID. You will need it later.
  • Note and copy Object ID. You will need it later.
  • Note and copy Directory (tenant) ID. You will need it later.
  • In the Left Pane click Manage > Certificates & secrets
6. In the <app name> | Certificates & secrets page:
  • In the Main pane click New Client Secret
  • In Add a client secret pane (far right)
    • Description. Provide name of the Azure application (for example, lucidum_connector_app)
    • Expires. Select 180 days (6 months
    • Click Add
  • In the Main pane, note and copy the Value and Secret ID. You will need them later.
  • In the Left  pane click Manage > API permissions
7. In the <app name> | API permissions page:
  • In the Main pane click Add a permission
  • In the Request API permissions pane (far right):
    • Click AuditLogs> AuditLog.Read.All.
    • Click Directory > Directory.Read.All
    • Click User > User.Read.All
    • Click UserAuthenticationMethod > UserAuthenticationMethod.Read.All
    • Click Add permissions
  • In the Main pane, highlight each permission and click Grant admin consent for <your organization>
8. Click Home > Subscriptions.
9. In the Subscriptions page:
  • Copy the Subscription ID. You will need it later.
  • Click the link for your Azure subscription. Alsso copy the link. You will need it to configure a Role for Azure Blob Storage.
10.In the Main pane <azure subscription>:
  • Click Access Control (IAM)
  • Click Add > Role assignment.
11. In the Add role assignment page:
  • Search for Reader
  • Select Reader
  • Click Next
12. In the Add role assignment page:
  • Click Members
  • Click User, group, or service principal
  • Click Select Members
  • In the Select Members pane (far right)
    • Search for the app you created (for example, lucidum_connector_app)
    • Highlight the app.
    • Click Select
13. In the Add role assignment page:
  • Click Review + assign
  • Click Review + assign
14.In the Main pane <azure subscription>:
  • Click Access Control (IAM)
  • Click Add > Role assignment.
15. In the Add role assignment page:
  • Search for Storage Blob Data Reader
  • Select Storage Blob Data Reader
  • Click Next
16. In the Add role assignment page:
  • Click Members
  • Click User, group, or service principal
  • Click Select Members
  • In the Select Members pane (far right)
    • Search for the app you created (for example, lucidum_connector_app)
    • Highlight the app.
    • Click Select
17. In the Add role assignment page:
  • Click Review + assign
  • Click Review + assign

Optional Prerequisite: Creating a Role for Azure Blob Storage #

NOTE: If the Azure connector ingests data from Azure Blob storage, ensure that your firewall safe-lists include the IP address of your Lucidum instance.

To access data about Microsoft Azure Blob Storage, you must define an additional role, Storage Blob Data Reader, and add it to the Lucidum read-only application in Azure Active Directory. To do this:

1.      Log in to the Azure Portal (https://portal.azure.com/ ) with an Azure AD global administrator account.
  • https://portal.azure.com/
  • Log in with an Azure AD global administrator account
  • NOTE: Do not log in with the Application Administrator account. This Application Administrator account does not have the required privileges.
2.      Click Home > Subscriptions.
  • Enter the link you saved in step #9 above.
3.      In the Main pane <azure subscription>:
  • Click Access Control (IAM)
  • Click Add > Role assignment.
4.      In the Add role assignment page:
  • Search for Storage Blob Data Reader
  • Select Storage Blob Data Reader
  • Click Next
5.      In the Add role assignment page:
  • Click Members
  • Click User, group, or service principal
  • Click Select Members
  • In the Select Members pane (far right)
    • Search for the app you created (for example, lucidum_connector_app)
    • Highlight the app.
    • Click Select
6.      In the Add role assignment page:
  • Click Review + assign
  • Click Review + assign
7.      In the Main pane <azure subscription>:
  • Click Access Control (IAM)
  • You should see the new role assignment under “Storage Blob Data Reader”

Troubleshooting Azure Blob Storage #

NOTE: If the Azure connector ingests data from Azure Blob storage, ensure that your firewall safe-lists include the IP address of your Lucidum instance.

If you see the error:

Exception:Not authorized to perform list blobs for any container!"

you must safe-list the IP address of your Lucidum instance.

Configuring the Microsoft Azure Connector #

To configure Lucidum to retrieve data from Azure:

  1. Log in to Lucidum.

  2. In the left pane, select Connector.

  3. In the Connector page, select Add Connector.

  4. Scroll until you find the Connector for Microsoft Azure. Click Connect. The Settings page appears.

Field

Description

Example

Azure AD API Version

This is an optional parameter. Specify the version of the Azure AD API you are using with your Azure AD instance.

2021-08-01

Client ID

Enter the Client ID for the Lucidum application in Azure AD. Client ID is the unique identifier for the Lucidum application in Azure Active Directory. Client ID is also called Application ID. You captured this value in step #5 in the section above.

If you select the KMS checkbox, Lucidum will use the URL specified in Settings > System Settings, in the Key Management page.

5dab08ad-3948-4605-aa68-948333ee64819

Client Secret

Enter the Client Secret ID for the Lucidum application in Azure AD. You captured this value in step #6 the section above.

If you select the KMS checkbox, Lucidum will use the URL specified in Settings > System Settings, in the Key Management page.

 ************

Tenant ID

Enter the tenant ID. Tenant ID is a unique identifier for your instance of Azure AD You captured this value in step #5 in the section above.

If you select the KMS checkbox, Lucidum will use the URL specified in Settings > System Settings, in the Key Management page.

30930e4c-6cea-4c29-89d8-81e55978da47

Subscription ID

This is an optional parameter. Subscription ID represents your account with Microsoft. You captured this value in step #5 in the section above.

If you specify a value in this field, Lucidum will fetch data only from the specified subscription. The default behavior is for Lucidum to fetch data from all subscriptions associated with the specified Tenant ID.

d25c1387-a93e-4a8e-a45a-8ed1298932c5

Services

Select one or more Azure services from which you want to ingest data. Services include:

  • Azure Active Directory.

  • Azure Blob Storage

  • Azure Cosmos DB

  • Azure Functions

  • Azure SQL DB

  • Azure Virtual Machines

 To test the configuration, click Test.

  • If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.

  • If the connector is not configured correctly, Lucidum displays an error message.

Source Documentation #

Creating an Application in Azure #

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-create-app-webapp?view=o365-worldwide

Required Permissions are:

  • User > User.Read.All

  • Directory > Directory.Read.All

  • AuditLog> AuditLogs.Read.All.

  • UserAuthenticationMethod > UserAuthenticationMethod.Read.All

API Documentation #

What are your Feelings

Solutions

COMPANY

Resource Library