Import assets from Azure DNS.

Azure Setup

The easiest way to get started with importing Azure DNS assets is to use Azure's Cloud Shell to obtain settings and create a Role Assignment for Halo Security. After the setup is complete, we can visit the Halo Security platform to finish the connector integration.

For more information about Cloud Shell, visit

Step 1: Obtain Subscription ID

In Cloud Shell, type the following command to retrieve the Subscription ID:

az account show --query id --output tsv

Step 2: Obtain Resource Groups for DNS Zones

Type the following command to view Resource Groups for DNS Zones. Resource Groups will be used to limit the permissions and access for Halo Security's Role Assignment:

az network dns zone list --query [].resourceGroup --output tsv

Step 3: Create Role Assignment

Creating a Role Assignment allows Halo Security to access DNS zones and records with read-only permissions. Create an assignment by typing the following command, replacing SUBSCRIPTION_ID and RESOURCE_GROUP with the appropriate values retrieved above:

az ad sp create-for-rbac -n "HaloSecurity" --role Reader --scopes /subscriptions/SUBSCRIPTION_ID/resourceGroups/RESOURCE_GROUP

Take note of the output of this command, which will be used when connecting Azure to the Halo Security platform. It should look something similar to the following:

  "appId": "ffffffff-9231-4f6d-9a74-4f0c9eea2b31",
  "displayName": "HaloSecurity",
  "password": "fFf1F~4fGp~63nuFff1KcyQReXfdcTgDgH1dHail",
  "tenant": "f1fff1f1-e568-4b28-ff1f-eae09c934715"

Connect Azure to Halo Security

Visit the Connectors page at

Click the "+" icon in the top right to add a new connector. Choose a name and select "Azure" for the type. After creating the connector, finish setting it up by providing the following values that were obtained during the Azure Setup process:

  • Client ID: appId value created in Step 3

  • Client Secret: password value created in Step 3

  • Tenant: tenant value created in Step 3

  • Subscription Id: Subscription ID value retrieved in Step 1

Finally, click "Save Changes" and your connector will be ready for use. If you did not enable Auto Run, you can run the connector at any time by clicking the start icon.

Last updated