search
APISupportDashboard

Azure

Import assets from Azure DNS.

hashtag
Azure Setup

The easiest way to get started with importing Azure DNS assets is to use Azure's Cloud Shell to obtain settings and create a Role Assignment for Halo Security. After the setup is complete, we can visit the Halo Security platform to finish the integration.

For more information about Cloud Shell, visit https://learn.microsoft.com/en-us/azure/cloud-shell/overviewarrow-up-right.

hashtag
Step 1: Obtain Subscription ID

In Cloud Shell, type the following command to retrieve the Subscription ID:

az account show --query id --output tsv

hashtag
Step 2: Obtain Resource Groups for DNS Zones

Type the following command to view Resource Groups for DNS Zones. Resource Groups will be used to limit the permissions and access for Halo Security's Role Assignment:

az network dns zone list --query [].resourceGroup --output tsv

hashtag
Step 3: Create Role Assignment

Creating a Role Assignment allows Halo Security to access DNS zones and records with read-only permissions. Create an assignment by typing the following command, replacing SUBSCRIPTION_ID and RESOURCE_GROUP with the appropriate values retrieved above:

az ad sp create-for-rbac -n "HaloSecurity" --role Reader --scopes /subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP

Take note of the output of this command, which will be used when connecting Azure to the Halo Security platform. It should look something similar to the following:

{
  "appId": "ffffffff-9231-4f6d-9a74-4f0c9eea2b31",
  "displayName": "HaloSecurity",
  "password": "fFf1F~4fGp~63nuFff1KcyQReXfdcTgDgH1dHail",
  "tenant": "f1fff1f1-e568-4b28-ff1f-eae09c934715"
}

hashtag
Connect Azure to Halo Security

  1. Visit your Settings → Integrations → Addarrow-up-right.

  2. Add the Azure integration.

  3. Add a name to create the integration.

  4. After creating the integration, finish setting it up by providing the following values that were obtained during the Azure Setup process:

    1. Client ID: appId value created in Step 3

    2. Client Secret: password value created in Step 3

    3. Tenant: tenant value created in Step 3

    4. Subscription Id: Subscription ID value retrieved in Step 1

  5. Finally, click "Save Changes" and your integration will be ready for use. If you did not enable Auto Run, you can run the integration at any time by clicking the start icon.

PreviousDiscovery IntegrationsNextGoogle Cloud

Last updated

Was this helpful?