For vScope to be able to analyze your Azure Resource Manager environment you need to give vScope read rights to your subscription(s). This is done by creating an Azure application, generating a key and applying these to an Azure RM credential in vScope. Follow this guide to get started using Azure Resource Manager with vScope.
1. Go to the Azure Resource Manager portal at http://portal.azure.com and sign in with your credentials. Open the “More services” menu and search for “App registrations”.
2. Click “+ New application registration”
to create a new app. Enter name, e.g. “vScope”, select “Web App / API” as application type and enter a valid (formatted) URL, e.g. “http://none”. Click “Create”.
3. Once the app is created, click it in the list of apps. The “Application ID” is needed for the vScope credential, copy it and store it for later. Now go to “Keys”.
4. Give the key a name, e.g. vscope-key and select “Never expires” as expiration date.
5. Once you press “Save” the value will appear. Copy this value and store it some place safe. You will need this value to create the vScope credential.
6. Now you need to set permission to the Web App that you just added. Click “Required permission” tab
7. Press “Windows Azure Active Directory”.
8. Select “Read directory data” from the list and hit save.
9. Press “Grant permission” in the top bar next to “Add”
10. Now that the application and the application key is created (and the correct permissions are set) we need to give the application sufficient rights for vScope to use it. Go to your subscriptions.
If you have multiple subscriptions, repeat steps 7-9 for each subscription you want vScope to access.
11. Select your subscription and go to “Access control (IAM)”. Press “+ Add”.
12. Select the role “Reader” to give vScope read rights to the content of the subscription. In step 2, search for whatever you named the application, tick the box, press “Select”, then “OK”.
13. You should end up with something looking like this; where your vScope application is assigned the role “Reader” to the subscription.
Adding the Azure credential in vScope
When you have assigned the reader role to the subscriptions you want, it’s time to create the vScope credential. Create an “Azure RM” credential using the Application ID from step 3, the key (value) from step 5 and your Azure domain (can be found under “Azure Active Directory” – “Domain names”, marked as “Primary”).
Testing your newly created credential should return “Authentication OK” and vScope is now ready to analyze your Azure Resource Manager environment after your next scan!