Azure
Visualize and map Azure cloud resources, and monitor changes through queries and alerts.
Installation
To install this integration, you will need to configure settings both within Azure and in JupiterOne. Before enabling it in JupiterOne, ensure that you have completed the setup within Azure.
Azure configuration
To set up this integration, you will need to authorize access by creating a Service Principal (App Registration) in Azure and provide the credentials to JupiterOne.
The integration is triggered by an event containing the information for a specific integration instance. Users configure the integration by providing API credentials obtained through the Azure portal.
Microsoft Entra ID is authenticated and accessed through the Microsoft Graph API. Azure Resource Manager is authenticated and accessed through Resource Manager APIs.
Creating the App Registration in Azure
The first step will be to create your App registration in Azure. From your Azure portal, navigate to Microsoft Entra ID > Manage > App registrations and continue through the following steps:
- Create a new App registration, using the Name JupiterOne, selecting Accounts in this organizational directory only, with no "Redirect URI".
- With the app created, navigate to the new app's Overview page.
- Copy both the Application (client) ID and the Directory (tenant) ID.
- Navigate to the Certificates & secrets section.
- Create a new client secret.
- Save and copy the generated secret Value (not the Secret ID).
With the App created, and the values saved, you will next need to configure the API permissions within Microsoft Entra ID.
API Permissions
To grant permissions for reading the Microsoft Graph information:
- Navigate to API permissions, select Microsoft Graph > Application Permissions
- Grant the following permissions to the application:
  - Directory.Read.All
  - Policy.Read.All
  - AuditLog.Read.All
  - Device.Read.All
  - EntitlementManagement.Read.All
  - Policy.Read.ConditionalAccess
- Grant admin consent for this directory for the permissions above.
IAM Roles (Azure Management Groups / Subscriptions)
The next step within Azure is granting the JupiterOne Reader RBAC subscription role to read Azure Resource Manager information.
To grant the role:
- Navigate to the correct scope for your integration:
  - RECOMMENDED. If configuring all subscriptions for a tenant: navigate to Management Groups > the Tenant Root Group.
    If it is not possible to select the Tenant Root Group, first navigate to Microsoft Entra ID > Manage > Properties and select Yes on Access management for Azure resources. See this elevating access article for more information.
    If using this feature, enable the following flags on your integration instance in JupiterOne:
    - Ingest Microsoft Entra ID
    - Configure Subscription Instances
    - Auto-Delete Removed Subscriptions
  - If configuring a single Azure Subscription: navigate to Subscriptions and choose the subscription from which you want to ingest resources. Fill in the Subscription ID field on your integration instance. In Azure, to get the Subscription ID, navigate to Subscriptions and copy the ID of the subscription to be ingested.
- Create the custom role "JupiterOne Reader":
  - Navigate to Access control (IAM) > Add > Add custom role.
  - Input JupiterOne Reader for the Name.
  - Navigate to the JSON tab, select Edit, and input the following actions:
Actions to be added
"Microsoft.Advisor/recommendations/read", "Microsoft.ApiManagement/service/apis/read", "Microsoft.ApiManagement/service/read", "Microsoft.Authorization/classicAdministrators/read", "Microsoft.Authorization/locks/read", "Microsoft.Authorization/policyAssignments/read", "Microsoft.Authorization/policyDefinitions/read", "Microsoft.Authorization/policySetDefinitions/read", "Microsoft.Authorization/roleAssignments/read", "Microsoft.Authorization/roleDefinitions/read", "Microsoft.Automation/automationAccounts/read", "Microsoft.Batch/batchAccounts/applications/read", "Microsoft.Batch/batchAccounts/certificates/read", "Microsoft.Batch/batchAccounts/pools/read", "Microsoft.Batch/batchAccounts/read", "Microsoft.BotService/botServices/read", "Microsoft.BotService/botServices/channels/read", "Microsoft.Cache/redis/firewallRules/read", "Microsoft.Cache/redis/linkedServers/read", "Microsoft.Cache/redis/read", "Microsoft.Cdn/profiles/endpoints/read", "Microsoft.Cdn/profiles/read", "Microsoft.CognitiveServices/accounts/read", "Microsoft.Compute/disks/read", "Microsoft.Compute/galleries/images/read", "Microsoft.Compute/galleries/images/versions/read", "Microsoft.Compute/galleries/read", "Microsoft.Compute/images/read", "Microsoft.Compute/virtualMachines/extensions/read", "Microsoft.Compute/virtualMachines/read", "Microsoft.Compute/virtualMachineScaleSets/read", "Microsoft.Consumption/usageDetails/read", "Microsoft.ContainerInstance/containerGroups/read", "Microsoft.ContainerRegistry/registries/read", "Microsoft.ContainerRegistry/registries/webhooks/read", "Microsoft.ContainerService/managedClusters/maintenanceConfigurations/read", "Microsoft.ContainerService/managedClusters/read", "Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/read", "Microsoft.DBforMariaDB/servers/databases/read", "Microsoft.DBforMariaDB/servers/read", "Microsoft.DBforMySQL/flexibleServers/databases/read", "Microsoft.DBforMySQL/flexibleServers/firewallRules/read", 
"Microsoft.DBforMySQL/flexibleServers/read", "Microsoft.DBforMySQL/servers/databases/read", "Microsoft.DBforMySQL/servers/firewallRules/read", "Microsoft.DBforMySQL/servers/read", "Microsoft.Databricks/workspaces/read", "Microsoft.DataProtection/backupVaults/read", "Microsoft.DBforPostgreSQL/flexibleServers/databases/read", "Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/read", "Microsoft.DBforPostgreSQL/flexibleServers/read", "Microsoft.DBforPostgreSQL/servers/databases/read", "Microsoft.DBforPostgreSQL/servers/firewallRules/read", "Microsoft.DBforPostgreSQL/servers/read", "Microsoft.Devices/iotHubs/Read", "Microsoft.DocumentDB/databaseAccounts/read", "Microsoft.DocumentDB/databaseAccounts/sqlDatabases/read", "Microsoft.Easm/workspaces/read", "Microsoft.EventGrid/domains/read", "Microsoft.EventGrid/domains/topics/eventSubscriptions/read", "Microsoft.EventGrid/domains/topics/read", "Microsoft.EventGrid/topics/eventSubscriptions/read", "Microsoft.EventGrid/topics/read", "Microsoft.EventHub/clusters/read", "Microsoft.EventHub/namespaces/eventHubs/consumergroups/read", "Microsoft.EventHub/namespaces/eventhubs/read", "Microsoft.EventHub/namespaces/read", "Microsoft.Insights/ActivityLogAlerts/Read", "Microsoft.Insights/DiagnosticSettings/Read", "Microsoft.Insights/LogProfiles/Read", "Microsoft.KeyVault/managedHSMs/read", "Microsoft.KeyVault/vaults/keys/read", "Microsoft.KeyVault/vaults/read", "Microsoft.KeyVault/vaults/secrets/read", "Microsoft.MachineLearningServices/workspaces/read", "Microsoft.MachineLearningServices/workspaces/computes/read", "Microsoft.Management/managementGroups/read", "Microsoft.Network/applicationGateways/read", "Microsoft.Network/applicationSecurityGroups/read", "Microsoft.Network/azurefirewalls/read", "Microsoft.Network/bastionHosts/read", "Microsoft.Network/bgpServiceCommunities/read", "Microsoft.Network/ddosProtectionPlans/read", "Microsoft.Network/dnszones/read", "Microsoft.Network/dnszones/recordsets/read", 
"Microsoft.Network/expressRouteCircuits/peerings/connections/read", "Microsoft.Network/expressRouteCircuits/peerings/peerConnections/read", "Microsoft.Network/expressRouteCircuits/read", "Microsoft.Network/firewallPolicies/Read", "Microsoft.Network/firewallPolicies/ruleCollectionGroups/Read", "Microsoft.Network/frontDoors/read", "Microsoft.Network/loadBalancers/read", "Microsoft.Network/natGateways/read", "Microsoft.Network/networkInterfaces/read", "Microsoft.Network/networkSecurityGroups/read", "Microsoft.Network/networkWatchers/flowLogs/read", "Microsoft.Network/networkWatchers/read", "Microsoft.Network/privateDnsZones/read", "Microsoft.Network/privateDnsZones/recordsets/read", "Microsoft.Network/privateEndpoints/read", "Microsoft.Network/publicIPAddresses/read", "Microsoft.Network/virtualNetworks/read", "Microsoft.PolicyInsights/policyStates/queryResults/read", "Microsoft.RecoveryServices/vaults/read", "Microsoft.Resources/subscriptions/locations/read", "Microsoft.Resources/subscriptions/read", "Microsoft.Resources/subscriptions/resourceGroups/read", "Microsoft.Security/alerts/read", "Microsoft.Security/assessments/read", "Microsoft.Security/autoProvisioningSettings/read", "Microsoft.Security/iotSecuritySolutions/read", "Microsoft.Security/pricings/read", "Microsoft.Security/securityContacts/read", "Microsoft.Security/settings/read", "Microsoft.ServiceBus/namespaces/queues/read", "Microsoft.ServiceBus/namespaces/read", "Microsoft.ServiceBus/namespaces/topics/read", "Microsoft.ServiceBus/namespaces/topics/subscriptions/read", "Microsoft.Sql/managedInstances/administrators/read", "Microsoft.Sql/managedInstances/databases/read", "Microsoft.Sql/managedInstances/read", "Microsoft.Sql/servers/administrators/read", "Microsoft.Sql/servers/databases/read", "Microsoft.Sql/servers/firewallRules/read", "Microsoft.Sql/servers/read", "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action", 
"Microsoft.Storage/storageAccounts/blobServices/containers/read", "Microsoft.Storage/storageAccounts/blobServices/read", "Microsoft.Storage/storageAccounts/fileServices/read", "Microsoft.Storage/storageAccounts/fileServices/shares/read", "Microsoft.Storage/storageAccounts/listKeys/action", "Microsoft.Storage/storageAccounts/queueServices/read", "Microsoft.Storage/storageAccounts/read", "Microsoft.Storage/storageAccounts/tableServices/read", "Microsoft.Storage/storageAccounts/tableServices/tables/read", "Microsoft.Subscription/policies/read", "Microsoft.Synapse/workspaces/keys/read", "Microsoft.Synapse/workspaces/read", "Microsoft.Synapse/workspaces/sqlPools/dataMaskingPolicies/read", "Microsoft.Synapse/workspaces/sqlPools/dataMaskingPolicies/rules/read", "Microsoft.Synapse/workspaces/sqlPools/read", "Microsoft.Web/serverfarms/Read", "Microsoft.Web/sites/config/list/action", "Microsoft.Web/sites/config/Read", "Microsoft.Web/sites/functions/read", "Microsoft.Web/sites/Read",
Data Actions to be added
"Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
  - Click Save > Review + Create > Create.
- Assign Roles to the "JupiterOne" App:
  - Navigate to Access control (IAM) > Add > Add role assignment.
  - Assign the JupiterOne Reader role to the JupiterOne member.
  - Navigate to the Members tab. Click + Select Members, search for the JupiterOne App, click it, and then press Select.
  - Navigate to the Review + assign tab and click Review + assign.
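The custom role above is long enough that a write or wildcard action can slip in unnoticed when it is pasted or later edited. The following Python script is an added example (not JupiterOne's or Azure's code) that reviews a role definition in the JSON shape the portal shows under Access control (IAM) > Roles > (role) > JSON: every wildcard-free action ending in `/read` passes, the three `/action` entries this page lists on purpose (`listKeys`, `generateUserDelegationKey`, `config/list`) are reported with what each one actually hands out, and anything else is flagged as an unexpected grant. The `SAMPLE_ROLE`, its deliberately injected `Microsoft.Compute/virtualMachines/write` entry and the severity labels are constructed for the demonstration.

```python
"""Least-privilege review of a custom Azure RBAC role definition.

Added example for this page; it is not JupiterOne's or Azure's code.
SAMPLE_ROLE is constructed from a subset of the actions listed on the page
plus one deliberately injected write action so the check has something to find.
"""
import json
from dataclasses import dataclass

# Non-"/read" actions the page includes on purpose, with what each one
# actually returns, so a reviewer can decide whether a given step needs it.
EXPECTED_NON_READ_ACTIONS = {
    "Microsoft.Storage/storageAccounts/listKeys/action":
        "returns the storage account access keys (full data-plane access)",
    "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action":
        "mints user delegation keys that can sign blob SAS tokens",
    "Microsoft.Web/sites/config/list/action":
        "lists app settings and connection strings, which often contain secrets",
}

# Constructed sample: a trimmed "JupiterOne Reader" definition with an
# injected Microsoft.Compute/virtualMachines/write that must be caught.
SAMPLE_ROLE = json.loads("""
{
  "properties": {
    "roleName": "JupiterOne Reader",
    "permissions": [{
      "actions": [
        "Microsoft.Advisor/recommendations/read",
        "Microsoft.Authorization/roleAssignments/read",
        "Microsoft.KeyVault/vaults/secrets/read",
        "Microsoft.Storage/storageAccounts/listKeys/action",
        "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action",
        "Microsoft.Web/sites/config/list/action",
        "Microsoft.Web/sites/Read",
        "Microsoft.Compute/virtualMachines/write"
      ],
      "notActions": [],
      "dataActions": ["Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"],
      "notDataActions": []
    }]
  }
}
""")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high": unexpected non-read grant; "medium": expected but sensitive
    action: str
    reason: str


def is_plain_read(action: str) -> bool:
    # Azure matches action strings case-insensitively; the page itself mixes
    # ".../read" and ".../Read". A wildcard is never a plain read.
    return action.lower().endswith("/read") and "*" not in action


def review_role(role: dict) -> list[Finding]:
    """Return every action in the role that is not a plain, wildcard-free read."""
    findings: list[Finding] = []
    for perm in role["properties"]["permissions"]:
        for action in perm.get("actions", []):
            if is_plain_read(action):
                continue
            if action in EXPECTED_NON_READ_ACTIONS:
                findings.append(Finding("medium", action, EXPECTED_NON_READ_ACTIONS[action]))
            else:
                findings.append(Finding("high", action, "not a read operation; remove unless a step needs it"))
        for action in perm.get("dataActions", []):
            if not is_plain_read(action):
                findings.append(Finding("high", action, "data-plane action is not a plain read"))
    return findings


def is_read_only(role: dict) -> bool:
    """True when the role carries no unexpected (high-severity) grant."""
    return not any(f.severity == "high" for f in review_role(role))


if __name__ == "__main__":
    for f in review_role(SAMPLE_ROLE):
        print(f"[{f.severity}] {f.action}: {f.reason}")
    print("read-only:", is_read_only(SAMPLE_ROLE))
```

Run it against the JSON of the role as actually saved in Azure rather than against the text you intended to paste; the medium findings are the known trade-off for ingesting storage keys, delegation keys and app settings, and a high finding means the role has drifted from read-only.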
Key Vaults
Note: Azure allows two ways of retrieving vaults.
- If using Key Vault RBAC: repeat step 5 but assign the built-in "Key Vault Reader" role to your JupiterOne App.
- If using Key Vault Access Policy:
The final step in Azure will be granting JupiterOne permissions for the vault keys and secrets (rm-keyvault-keys and rm-keyvault-secrets).
You are required to grant the permissions to the JupiterOne security principal for each key vault in your account. Learn more on Azure for assigning a key vault access policy
To grant the permissions:
- Navigate to Key Vaults and select the one you wish to ingest.
- Click Access policies, then + Create
- On the Permissions tab, select the following under Key permissions and Secret permissions:
  - Key Permissions: under Key Management Operations, select List.
  - Secret Permissions: under Key Management Operations, select List.
- On the Principal tab, assign them to the JupiterOne App.
- Navigate to the Review + Create tab and click Create.
That concludes the setup from within Azure. The last thing to do is initiate the integration from within JupiterOne!
Data Volume Configuration
Control how much data is ingested from Azure to manage storage and processing.
Ingestion Windows (Time Ranges)
| Field | Description | Default | Options |
|---|---|---|---|
| Active Device Window | Maximum number of days in the past a device can be active to be eligible for ingestion. Devices with activity older than this threshold will be excluded. | 30 | 30, 90, 365 days, No limit |
How it affects data volume: A longer active device window increases the number of device entities ingested. Setting "No limit" ingests all devices regardless of last activity date.
Data Filtering Options
| Field | Type | Description | Default |
|---|---|---|---|
| Included Defender for cloud Alert Severities | Multi-select | Select Alert severities to ingest | High, Medium |
How it affects data volume: Severity filtering reduces the number of Defender alert entities by excluding lower-severity alerts. By default, only High and Medium severity alerts are ingested.
Configuration in JupiterOne
To add the Azure integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Azure. Click New Instance to begin configuring your integration.
Creating an instance requires the following:
- The Account Name used to identify the Azure account in JupiterOne. Ingested entities will have this value stored in tag.AccountName when the AccountName toggle is enabled.
- Description to assist in identifying the integration instance, if desired.
- Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as DISABLED and manually execute the integration.
- Your Azure Directory (tenant) ID of the Entra ID to target the Azure API requests.
- The Application (client) ID created for JupiterOne and used to authenticate with Azure.
- Enable Ingest Microsoft Entra ID to ingest Directory information.
  Note: The Ingest Microsoft Entra ID flag enables the ingestion of azure_user, azure_user_group, and azure_service_principal entities. This should only be enabled for one integration instance per directory.
- Configure the Subscription Instances for your integration:
  - RECOMMENDED. If configuring all subscriptions for a tenant: select the option Configure Subscription Instances to automatically provision new JupiterOne integration instances for each Azure Subscription in this tenant that does not have a "JupiterOne" tag set to SKIP. It is recommended that you use this feature when Ingest Microsoft Entra ID is selected.
  - If configuring a single Azure Subscription: enter the Subscription ID for the subscription you wish to ingest data from. In Azure, to get the Subscription ID, navigate to Subscriptions and copy the desired Subscription ID.
  With Configure Subscription Instances enabled, you can opt to Auto-delete Removed Subscriptions within JupiterOne and Ingest disabled subscriptions to ingest subscriptions in a disabled state.
Once all values have been provided, click Create to finalize the integration.
Troubleshooting authentication
If the Azure integration job does not complete, and you encounter a message such as:
[validation_failure] Error occurred while validating integration configuration
in your job log, check the following common configuration errors:
- Verify the Application (client) ID and Application (client) Secret: make sure that you've verified the proper value for the client ID and client secret. The client secret has both a Value property and a Secret ID property. The Secret ID is unused: make sure you haven't accidentally used the Secret ID as the Client ID.
- Verify that you've enabled the proper API permissions: make sure the required API permissions (described above) are enabled for the application.
- Verify that the API permissions have been granted as "Application" and not "Delegated": the integration requires API Permissions of type Application. Permissions of type Delegated will cause issues in your integration.
- Verify that your permissions have been "Grant(ed) admin consent for Directory": if you have added API Permissions to the application but have not granted Admin Consent, the permissions are not yet active.
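The checks in this list can be run before a job is started instead of after it fails. The following Python script is an added example (not JupiterOne's code) that encodes them offline: the tenant and client IDs must be GUIDs, the client secret must be the secret Value rather than the GUID-shaped Secret ID, and every Microsoft Graph permission from the API Permissions step must be present as type Application with admin consent granted. The sample GUIDs, the `GRANTED_SAMPLE` list and its `name`/`type`/`consented` record shape are constructed assumptions; in practice the records would be transcribed from the app's API permissions page.

```python
"""Offline preflight for a JupiterOne Azure integration instance.

Added example; not JupiterOne's code. Encodes the troubleshooting checklist
above as checks over the values typed into the instance and the Graph
permissions granted to the App registration.
"""
import uuid

# Application permissions from the API Permissions step on this page.
REQUIRED_GRAPH_PERMISSIONS = frozenset({
    "Directory.Read.All",
    "Policy.Read.All",
    "AuditLog.Read.All",
    "Device.Read.All",
    "EntitlementManagement.Read.All",
    "Policy.Read.ConditionalAccess",
})

# Constructed sample with three deliberate mistakes: one permission granted
# as Delegated, one missing entirely, and one present but not admin-consented.
# The record shape is an assumption for this example.
GRANTED_SAMPLE = [
    {"name": "Directory.Read.All", "type": "Delegated", "consented": True},
    {"name": "Policy.Read.All", "type": "Application", "consented": True},
    {"name": "AuditLog.Read.All", "type": "Application", "consented": False},
    {"name": "EntitlementManagement.Read.All", "type": "Application", "consented": True},
    {"name": "Policy.Read.ConditionalAccess", "type": "Application", "consented": True},
]


def looks_like_guid(value) -> bool:
    """True when the value parses as a GUID (the shape of tenant IDs, client IDs and Secret IDs)."""
    try:
        uuid.UUID(str(value))
        return True
    except ValueError:
        return False


def check_credentials(tenant_id: str, client_id: str, client_secret: str) -> list[str]:
    """Shape checks on the three values entered into the integration instance."""
    problems = []
    if not looks_like_guid(tenant_id):
        problems.append("Directory (tenant) ID is not a GUID")
    if not looks_like_guid(client_id):
        problems.append("Application (client) ID is not a GUID")
    if not client_secret:
        problems.append("client secret is empty")
    elif looks_like_guid(client_secret):
        # The Secret ID is a GUID; the Value is not. Pasting the ID is the
        # mix-up the troubleshooting list warns about.
        problems.append("client secret looks like the Secret ID; paste the secret Value instead")
    return problems


def check_graph_permissions(granted: list) -> list[str]:
    """Report required Graph permissions that are missing, Delegated, or unconsented."""
    problems = []
    by_name = {g["name"]: g for g in granted}
    for name in sorted(REQUIRED_GRAPH_PERMISSIONS):
        grant = by_name.get(name)
        if grant is None:
            problems.append(f"{name}: missing")
        elif grant["type"] != "Application":
            problems.append(f"{name}: granted as {grant['type']}, must be Application")
        elif not grant["consented"]:
            problems.append(f"{name}: admin consent not granted")
    return problems


def preflight(tenant_id: str, client_id: str, client_secret: str, granted: list) -> list[str]:
    """All problems found; an empty list means the instance is worth starting."""
    return check_credentials(tenant_id, client_id, client_secret) + check_graph_permissions(granted)


if __name__ == "__main__":
    # Constructed placeholder values, not a real tenant or app.
    for line in preflight("11111111-2222-3333-4444-555555555555",
                          "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                          "99999999-8888-7777-6666-555555555555",  # a Secret ID, not the Value
                          GRANTED_SAMPLE):
        print("problem:", line)
```

A job that fails with `[validation_failure]` after these checks pass points at something the script cannot see offline, such as an expired secret or a permission consented in a different tenant.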
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Permissions
IAM permissions that must be granted to the integration principal for data ingestion.
Permissions (192):
AccessReview.Read.All, AccessReview.ReadWrite.All, AccessReview.ReadWrite.Membership,
Microsoft.Advisor/recommendations/read,
Microsoft.ApiManagement/service/apis/read, Microsoft.ApiManagement/service/read,
Microsoft.AppConfiguration/configurationStores/read,
Microsoft.Authorization/classicAdministrators/read, Microsoft.Authorization/locks/read, Microsoft.Authorization/policyAssignments/read, Microsoft.Authorization/policyDefinitions/read, Microsoft.Authorization/policySetDefinitions/read, Microsoft.Authorization/roleAssignments/read, Microsoft.Authorization/roleDefinitions/read,
Microsoft.Automation/automationAccounts/read,
Microsoft.Batch/batchAccounts/applications/read, Microsoft.Batch/batchAccounts/certificates/read, Microsoft.Batch/batchAccounts/pools/read, Microsoft.Batch/batchAccounts/read,
Microsoft.BotService/botServices/channels/read, Microsoft.BotService/botServices/read,
Microsoft.Cache/redis/firewallRules/read, Microsoft.Cache/redis/linkedServers/read, Microsoft.Cache/redis/read,
Microsoft.Cdn/profiles/afdEndpoints/read, Microsoft.Cdn/profiles/afdEndpoints/routes/read, Microsoft.Cdn/profiles/customDomains/read, Microsoft.Cdn/profiles/endpoints/read, Microsoft.Cdn/profiles/originGroups/origins/read, Microsoft.Cdn/profiles/originGroups/read, Microsoft.Cdn/profiles/read,
Microsoft.Chaos/experiments/read, Microsoft.Chaos/targets/capabilities/read, Microsoft.Chaos/targets/read,
Microsoft.CognitiveServices/accounts/read,
Microsoft.Compute/disks/read, Microsoft.Compute/galleries/images/read, Microsoft.Compute/galleries/images/versions/read, Microsoft.Compute/galleries/read, Microsoft.Compute/images/read, Microsoft.Compute/virtualMachineScaleSets/read, Microsoft.Compute/virtualMachines/extensions/read, Microsoft.Compute/virtualMachines/read,
Microsoft.Consumption/usageDetails/read,
Microsoft.ContainerInstance/containerGroups/read,
Microsoft.ContainerRegistry/registries/read, Microsoft.ContainerRegistry/registries/webhooks/read,
Microsoft.ContainerService/fleets/members/read, Microsoft.ContainerService/fleets/read, Microsoft.ContainerService/managedClusters/maintenanceConfigurations/read, Microsoft.ContainerService/managedClusters/read, Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/read,
Microsoft.DBforMariaDB/servers/databases/read, Microsoft.DBforMariaDB/servers/read,
Microsoft.DBforMySQL/flexibleServers/databases/read, Microsoft.DBforMySQL/flexibleServers/firewallRules/read, Microsoft.DBforMySQL/flexibleServers/read, Microsoft.DBforMySQL/servers/databases/read, Microsoft.DBforMySQL/servers/firewallRules/read, Microsoft.DBforMySQL/servers/read,
Microsoft.DBforPostgreSQL/flexibleServers/databases/read, Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/read, Microsoft.DBforPostgreSQL/flexibleServers/read, Microsoft.DBforPostgreSQL/servers/databases/read, Microsoft.DBforPostgreSQL/servers/firewallRules/read, Microsoft.DBforPostgreSQL/servers/read,
Microsoft.DataMigration/services/projects/read, Microsoft.DataMigration/services/read, Microsoft.DataMigration/services/serviceTasks/read,
Microsoft.DataProtection/backupVaults/read,
Microsoft.DataShare/accounts/read,
Microsoft.Databricks/workspaces/read,
Microsoft.DesktopVirtualization/applicationGroups/desktops/read, Microsoft.DesktopVirtualization/applicationGroups/read, Microsoft.DesktopVirtualization/hostPools/read, Microsoft.DesktopVirtualization/workspaces/read,
Microsoft.Devices/iotHubs/Read,
Microsoft.DocumentDB/databaseAccounts/read, Microsoft.DocumentDB/databaseAccounts/sqlDatabases/read,
Microsoft.Easm/workspaces/read,
Microsoft.EventGrid/domains/read, Microsoft.EventGrid/domains/topics/eventSubscriptions/read, Microsoft.EventGrid/domains/topics/read, Microsoft.EventGrid/topics/eventSubscriptions/read, Microsoft.EventGrid/topics/read,
Microsoft.EventHub/clusters/read, Microsoft.EventHub/namespaces/eventHubs/consumergroups/read, Microsoft.EventHub/namespaces/eventhubs/read, Microsoft.EventHub/namespaces/read,
Microsoft.HybridCompute/machines/extensions/read, Microsoft.HybridCompute/machines/read,
Microsoft.Insights/ActivityLogAlerts/Read, Microsoft.Insights/DiagnosticSettings/Read, Microsoft.Insights/LogProfiles/Read, Microsoft.Insights/components/read, Microsoft.Insights/eventtypes/values/Read,
Microsoft.KeyVault/managedHSMs/read, Microsoft.KeyVault/vaults/keys/read, Microsoft.KeyVault/vaults/read, Microsoft.KeyVault/vaults/secrets/read,
Microsoft.MachineLearningServices/workspaces/computes/read, Microsoft.MachineLearningServices/workspaces/read,
Microsoft.ManagedServices/registrationAssignments/read, Microsoft.ManagedServices/registrationDefinitions/read,
Microsoft.Management/managementGroups/read,
Microsoft.Network/applicationGateways/read, Microsoft.Network/applicationSecurityGroups/read, Microsoft.Network/azurefirewalls/read, Microsoft.Network/bastionHosts/read, Microsoft.Network/bgpServiceCommunities/read, Microsoft.Network/ddosProtectionPlans/read, Microsoft.Network/dnszones/read, Microsoft.Network/dnszones/recordsets/read, Microsoft.Network/expressRouteCircuits/peerings/connections/read, Microsoft.Network/expressRouteCircuits/peerings/peerConnections/read, Microsoft.Network/expressRouteCircuits/read, Microsoft.Network/firewallPolicies/Read, Microsoft.Network/firewallPolicies/ruleCollectionGroups/Read, Microsoft.Network/frontDoors/read, Microsoft.Network/loadBalancers/read, Microsoft.Network/natGateways/read, Microsoft.Network/networkInterfaces/read, Microsoft.Network/networkSecurityGroups/read, Microsoft.Network/networkSecurityGroups/securityRules/read, Microsoft.Network/networkWatchers/flowLogs/read, Microsoft.Network/networkWatchers/read, Microsoft.Network/privateDnsZones/read, Microsoft.Network/privateDnsZones/recordsets/read, Microsoft.Network/privateEndpoints/read, Microsoft.Network/publicIPAddresses/read, Microsoft.Network/routeTables/read, Microsoft.Network/trafficmanagerprofiles/read, Microsoft.Network/virtualHubs/read, Microsoft.Network/virtualNetworks/read, Microsoft.Network/virtualWans/read, Microsoft.Network/vpnGateways/read,
Microsoft.OperationalInsights/workspaces/read,
Microsoft.PolicyInsights/policyStates/queryResults/read,
Microsoft.RecoveryServices/vaults/read,
Microsoft.Resources/deployments/read, Microsoft.Resources/subscriptions/locations/read, Microsoft.Resources/subscriptions/read, Microsoft.Resources/subscriptions/resourceGroups/read,
Microsoft.ScVmm/virtualMachineInstances/read,
Microsoft.Security/alerts/read, Microsoft.Security/assessments/read, Microsoft.Security/autoProvisioningSettings/read, Microsoft.Security/iotSecuritySolutions/read, Microsoft.Security/pricings/read, Microsoft.Security/securityContacts/read, Microsoft.Security/settings/read,
Microsoft.ServiceBus/namespaces/queues/read, Microsoft.ServiceBus/namespaces/read, Microsoft.ServiceBus/namespaces/topics/read, Microsoft.ServiceBus/namespaces/topics/subscriptions/read,
Microsoft.Sql/managedInstances/administrators/read, Microsoft.Sql/managedInstances/databases/read, Microsoft.Sql/managedInstances/read, Microsoft.Sql/servers/administrators/read, Microsoft.Sql/servers/databases/read, Microsoft.Sql/servers/firewallRules/read, Microsoft.Sql/servers/read,
Microsoft.SqlVirtualMachine/sqlVirtualMachines/read,
Microsoft.Storage/storageAccounts/blobServices/containers/read, Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action, Microsoft.Storage/storageAccounts/blobServices/read, Microsoft.Storage/storageAccounts/fileServices/read, Microsoft.Storage/storageAccounts/fileServices/shares/read, Microsoft.Storage/storageAccounts/listKeys/action, Microsoft.Storage/storageAccounts/queueServices/read, Microsoft.Storage/storageAccounts/read, Microsoft.Storage/storageAccounts/tableServices/read, Microsoft.Storage/storageAccounts/tableServices/tables/read,
Microsoft.StreamAnalytics/clusters/privateEndpoints/read, Microsoft.StreamAnalytics/clusters/read, Microsoft.StreamAnalytics/streamingjobs/read,
Microsoft.Subscription/policies/read,
Microsoft.Synapse/workspaces/keys/read, Microsoft.Synapse/workspaces/read, Microsoft.Synapse/workspaces/sqlPools/dataMaskingPolicies/read, Microsoft.Synapse/workspaces/sqlPools/dataMaskingPolicies/rules/read, Microsoft.Synapse/workspaces/sqlPools/read,
Microsoft.Web/serverfarms/Read, Microsoft.Web/sites/Read, Microsoft.Web/sites/config/Read, Microsoft.Web/sites/config/list/action, Microsoft.Web/sites/functions/read,
Oracle.Database/cloudExadataInfrastructures/dbServers/read, Oracle.Database/cloudExadataInfrastructures/read, Oracle.Database/cloudVmClusters/dbNodes/read, Oracle.Database/dbSystems/read, Oracle.Database/exadbVmClusters/read
OAuth Scopes
OAuth scopes that must be granted to the application or service principal.
OAuth Scopes (8):
Application.Read.All, AuditLog.Read.All, Device.Read.All, Directory.Read.All, Domain.Read.All, EntitlementManagement.Read.All, Policy.Read.All, Policy.Read.ConditionalAccess
Per-Step Breakdown
Detailed authorization requirements for each ingestion step.
All steps (267):
| Step | Permissions | OAuth Scopes |
|---|---|---|
| Access Package Assignment Contains Access Package Assignment Policy | - | - |
| Access Package HAS Access Package Assignment | - | - |
| Access Reviews | AccessReview.Read.All, AccessReview.ReadWrite.All, AccessReview.ReadWrite.Membership | - |
| API Management APIs | Microsoft.ApiManagement/service/apis/read | - |
| API Management Services | Microsoft.ApiManagement/service/read | - |
| API Management Services Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| App Configuration Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| App Configuration Stores | Microsoft.AppConfiguration/configurationStores/read | - |
| App Service Apps | Microsoft.Web/sites/Read, Microsoft.Web/sites/config/Read, Microsoft.Web/sites/config/list/action | - |
| App Service Functions | Microsoft.Web/sites/functions/read | - |
| App Service Plans | Microsoft.Web/serverfarms/Read | - |
| Application Insights Components | Microsoft.Insights/components/read | - |
| Application Insights Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Application Security Group | Microsoft.Network/applicationSecurityGroups/read | - |
| ARM Deployments | Microsoft.Resources/deployments/read | - |
| Automation Account -> Private Endpoint Relationships | Microsoft.Automation/automationAccounts/read | - |
| Automation Accounts | Microsoft.Automation/automationAccounts/read | - |
| Automation Accounts Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Azure Access Package Has Application | - | - |
| Azure Application Gateway | Microsoft.Network/applicationGateways/read | - |
| Azure Arc Machine Extensions | Microsoft.HybridCompute/machines/extensions/read | - |
| Azure Arc Machines | Microsoft.HybridCompute/machines/read | - |
| Azure Arc SCVMM Virtual Machine Instances | Microsoft.ScVmm/virtualMachineInstances/read | - |
| Azure Bgp Service Communities | Microsoft.Network/bgpServiceCommunities/read | - |
| Azure Consumer Group | Microsoft.EventHub/namespaces/eventHubs/consumergroups/read | - |
| Azure Event Hub | Microsoft.EventHub/namespaces/eventhubs/read | - |
| Azure Group assigned to Access Package | - | - |
| Azure Peer Express Route Connection | Microsoft.Network/expressRouteCircuits/peerings/peerConnections/read | - |
| Azure user assigned to Access Package | - | - |
| Azure user Created Entitlement Management Access Package Request | - | - |
| Bastion Hosts | Microsoft.Network/bastionHosts/read | - |
| Batch Accounts | Microsoft.Batch/batchAccounts/read | - |
| Batch Accounts Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Batch Applications | Microsoft.Batch/batchAccounts/applications/read | - |
| Batch Certificates | Microsoft.Batch/batchAccounts/certificates/read | - |
| Batch Pools | Microsoft.Batch/batchAccounts/pools/read | - |
| Bot Service Bot -> Private Endpoint Relationships | Microsoft.BotService/botServices/read | - |
| Bot Service Bots | Microsoft.BotService/botServices/read | - |
| Bot Service Channels | Microsoft.BotService/botServices/channels/read | - |
| Bot Service Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Build Azure Application Ownership Relationships | - | Application.Read.All |
| Build Ddos Protection Plan Public Ip Relationship | - | - |
| Build Ddos Protection Plan Vnet Relationship | - | - |
| Build Key Vault Service Synapse Keys Relationship | - | - |
| Build Resource Group Ddos Protection Plan Relationship | - | - |
| Build Synapse Service and key Relationship | - | - |
| Build Synapse Service and SQL Pool Relationship | - | - |
| Build Synapse Service and Workspace Relationship | - | - |
| Build Synapse SQL Pool Data Masking Policy Relationship | - | - |
| Build Synapse Sql Pool Data Masking Rule Relationship | - | - |
| Build Synapse Workspace and Keys Relationship | - | - |
| Build Synapse Workspace and SQL Pool Relationship | - | - |
| CDN Endpoints | Microsoft.Cdn/profiles/endpoints/read | - |
| CDN Endpoints Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| CDN Profiles | Microsoft.Cdn/profiles/read | - |
| CDN Profiles Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Chaos Studio Capabilities | Microsoft.Chaos/targets/capabilities/read | - |
| Chaos Studio Experiment Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Chaos Studio Experiments | Microsoft.Chaos/experiments/read | - |
| Chaos Studio Targets | Microsoft.Chaos/targets/read | - |
| Classic Administrators | Microsoft.Authorization/classicAdministrators/read | - |
| Container Groups | Microsoft.ContainerInstance/containerGroups/read | - |
| Container Registries | Microsoft.ContainerRegistry/registries/read | - |
| Container Registries Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Container Registry Webhooks | Microsoft.ContainerRegistry/registries/webhooks/read | - |
| CosmosDB SQL Databases | Microsoft.DocumentDB/databaseAccounts/read, Microsoft.DocumentDB/databaseAccounts/sqlDatabases/read | - |
| Data Migration Projects | Microsoft.DataMigration/services/projects/read | - |
| Data Migration Service Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Data Migration Services | Microsoft.DataMigration/services/read | - |
| Data Migration Tasks | Microsoft.DataMigration/services/serviceTasks/read | - |
| Data Protection Backup Vaults | Microsoft.DataProtection/backupVaults/read | - |
| Data Protection Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Data Share Accounts | Microsoft.DataShare/accounts/read | - |
| Data Share Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Databricks Workspaces | Microsoft.Databricks/workspaces/read | - |
| Defender Alerts | Microsoft.Security/alerts/read | - |
| Defender EASM Workspaces | Microsoft.Easm/workspaces/read | - |
| Desktop Virtualization Application Groups | Microsoft.DesktopVirtualization/applicationGroups/read | - |
| Desktop Virtualization Desktops | Microsoft.DesktopVirtualization/applicationGroups/desktops/read | - |
| Desktop Virtualization Host Pool Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Desktop Virtualization Host Pools | Microsoft.DesktopVirtualization/hostPools/read | - |
| Desktop Virtualization Workspace Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Desktop Virtualization Workspaces | Microsoft.DesktopVirtualization/workspaces/read | - |
| DNS Record Sets | Microsoft.Network/dnszones/recordsets/read | - |
| DNS Zones | Microsoft.Network/dnszones/read | - |
| Document Intelligence Accounts | Microsoft.CognitiveServices/accounts/read, Microsoft.Resources/subscriptions/resourceGroups/read | - |
| Document Intelligence Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Entitlement Management Access Package Approver IS Azure User | - | - |
| Entitlement Management Access Package Assignment Approver | - | EntitlementManagement.Read.All |
| Entitlement Management Resource Application Assigned To Access Catalog | - | - |
| Entra ID Authentication Methods Policy | - | Policy.Read.All |
| Entra ID Authentication Strength Policy | - | Policy.Read.All |
| Entra ID Authorization Policy | - | Policy.Read.All |
| Entra ID Device Registration Policy | - | Policy.Read.All |
| Entra ID Group Members | - | Directory.Read.All |
| Entra ID Groups | - | Directory.Read.All |
| Entra ID Role Definitions | - | Directory.Read.All |
| Entra ID Service Principal Access | - | Directory.Read.All |
| Entra ID Service Principals | - | Directory.Read.All |
| Entra ID Users | - | Directory.Read.All |
| Event Grid Domain Topic Subscriptions | Microsoft.EventGrid/domains/topics/eventSubscriptions/read | - |
| Event Grid Domain Topics | Microsoft.EventGrid/domains/topics/read | - |
| Event Grid Domains | Microsoft.EventGrid/domains/read | - |
| Event Grid Domains Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Event Grid Topic Subscriptions | Microsoft.EventGrid/topics/eventSubscriptions/read | - |
| Event Grid Topics | Microsoft.EventGrid/topics/read, Microsoft.Insights/DiagnosticSettings/Read | - |
| Event Grid Topics Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Event Hub Cluster | Microsoft.EventHub/clusters/read | - |
| Event Hub Namespace | Microsoft.EventHub/namespaces/read | - |
| Express Route Circuit | Microsoft.Network/expressRouteCircuits/read | - |
| Express Route Circuit Connection | Microsoft.Network/expressRouteCircuits/peerings/connections/read | - |
| Fetch application credentials | - | - |
| Fetch Container Maintenance Configurations | Microsoft.ContainerService/managedClusters/maintenanceConfigurations/read | - |
| Fetch Container Services Clusters | Microsoft.ContainerService/managedClusters/read | - |
| Fetch Ddos Protection Plan | Microsoft.Network/ddosProtectionPlans/read | - |
| Fetch Front Door AFD Custom Domains | Microsoft.Cdn/profiles/customDomains/read | - |
| Fetch Front Door AFD Endpoints | Microsoft.Cdn/profiles/afdEndpoints/read | - |
| Fetch Front Door AFD Origin Groups | Microsoft.Cdn/profiles/originGroups/read | - |
| Fetch Front Door AFD Origins | Microsoft.Cdn/profiles/originGroups/origins/read | - |
| Fetch Front Door AFD Profiles | Microsoft.Cdn/profiles/read | - |
| Fetch Front Door AFD Routes | Microsoft.Cdn/profiles/afdEndpoints/routes/read | - |
| Fetch FrontDoors | Microsoft.Network/frontDoors/read | - |
| Fetch Synapse Data Masking Policy | Microsoft.Synapse/workspaces/sqlPools/dataMaskingPolicies/read | - |
| Fetch Synapse Data Masking Rule | Microsoft.Synapse/workspaces/sqlPools/dataMaskingPolicies/rules/read | - |
| Fetch Synapse Keys | Microsoft.Synapse/workspaces/keys/read | - |
| Fetch Traffic Manager Profiles | Microsoft.Network/trafficmanagerprofiles/read | - |
| Fetch Trusted Access Roles | Microsoft.ContainerService/managedClusters/trustedAccessRoleBindings/read | - |
| Fetch Virtual Hubs | Microsoft.Network/virtualHubs/read | - |
| Fetch Virtual WANs | Microsoft.Network/virtualWans/read | - |
| Fetch VPN Connections | Microsoft.Network/vpnGateways/read | - |
| Fetch VPN Gateways | Microsoft.Network/vpnGateways/read | - |
| Front Door AFD Profile Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Galleries | Microsoft.Compute/galleries/read | - |
| Gallery Shared Image Versions | Microsoft.Compute/galleries/images/versions/read | - |
| Gallery Shared Images | Microsoft.Compute/galleries/images/read | - |
| Group Setting Templates | - | Directory.Read.All |
| Group Settings | - | Directory.Read.All |
| IoT Hub Security Solution Relationships | - | - |
| IoT Hubs | Microsoft.Devices/iotHubs/Read | - |
| IoT Security Solutions | Microsoft.Security/iotSecuritySolutions/read | - |
| Key Vault Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Key Vault Keys | Microsoft.KeyVault/vaults/keys/read | - |
| Key Vault Secrets | Microsoft.KeyVault/vaults/secrets/read | - |
| Key Vaults | Microsoft.KeyVault/vaults/read | - |
| Kubernetes Fleet Managers | Microsoft.ContainerService/fleets/read | - |
| Kubernetes Fleet Members | Microsoft.ContainerService/fleets/members/read | - |
| Load Balancer Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Load Balancers | Microsoft.Network/loadBalancers/read | - |
| Load Balancers NIC Relationships | - | - |
| Log Analytics Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Log Analytics Workspaces | Microsoft.OperationalInsights/workspaces/read | - |
| Machine Learning Compute | Microsoft.MachineLearningServices/workspaces/computes/read | - |
| Machine Learning Workspace -> Private Endpoint Relationships | Microsoft.MachineLearningServices/workspaces/read | - |
| Machine Learning Workspace Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Machine Learning Workspaces | Microsoft.MachineLearningServices/workspaces/read | - |
| Managed HSMs | Microsoft.KeyVault/managedHSMs/read | - |
| Managed Services Registration Assignments | Microsoft.ManagedServices/registrationAssignments/read | - |
| Managed Services Registration Definitions | Microsoft.ManagedServices/registrationDefinitions/read | - |
| Management Groups | Microsoft.Management/managementGroups/read | - |
| MariaDB Databases | Microsoft.DBforMariaDB/servers/databases/read, Microsoft.DBforMariaDB/servers/read | - |
| MariaDB Databases Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Monitor Activity Log Alerts | Microsoft.Insights/ActivityLogAlerts/Read | - |
| Monitor Activity Log Events | Microsoft.Insights/eventtypes/values/Read | - |
| Monitor Log Profiles | Microsoft.Insights/LogProfiles/Read | - |
| MySQL Databases | Microsoft.DBforMySQL/servers/read, Microsoft.DBforMySQL/servers/databases/read | - |
| MySQL Databases Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| MySQL Flexible Databases | Microsoft.DBforMySQL/flexibleServers/databases/read | - |
| MySQL Flexible Server Firewall Rules | Microsoft.DBforMySQL/flexibleServers/firewallRules/read | - |
| MySQL Flexible Servers | Microsoft.DBforMySQL/flexibleServers/read | - |
| MySQL Server Firewall Rules | Microsoft.DBforMySQL/servers/firewallRules/read | - |
| Network Application Gateway Ip Relationships | - | - |
| Network Azure Firewalls | Microsoft.Network/azurefirewalls/read | - |
| Network Azure Firewalls Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Network Firewall IP Relationships | - | - |
| Network Firewall Policies | Microsoft.Network/firewallPolicies/Read | - |
| Network Firewall Rules Relationships | Microsoft.Network/firewallPolicies/ruleCollectionGroups/Read | - |
| Network Interfaces | Microsoft.Network/networkInterfaces/read | - |
| Network Load Balancers IP Relationships | - | - |
| Network NAT Gateways | Microsoft.Network/natGateways/read | - |
| Network NAT Gateways IP Relationships | - | - |
| Network Security Group Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Network Security Group NIC Relationships | - | - |
| Network Security Groups | Microsoft.Network/networkSecurityGroups/read | - |
| Network Security Rules | Microsoft.Network/networkSecurityGroups/securityRules/read | - |
| Network Security Group Flow Logs | Microsoft.Network/networkWatchers/flowLogs/read | - |
| Network Watchers | Microsoft.Network/networkWatchers/read | - |
| Oracle DB Nodes | Oracle.Database/cloudVmClusters/dbNodes/read | - |
| Oracle DB Servers | Oracle.Database/cloudExadataInfrastructures/dbServers/read | - |
| Oracle DB Systems | Oracle.Database/dbSystems/read | - |
| Oracle Exadata Infrastructures | Oracle.Database/cloudExadataInfrastructures/read | - |
| Oracle ExaDB VM Clusters | Oracle.Database/exadbVmClusters/read | - |
| Policy Assignments | Microsoft.Authorization/policyAssignments/read | - |
| Policy Definitions | Microsoft.Authorization/policyDefinitions/read, Microsoft.Authorization/policySetDefinitions/read | - |
| Policy States | Microsoft.PolicyInsights/policyStates/queryResults/read | - |
| PostgreSQL Databases | Microsoft.DBforPostgreSQL/servers/databases/read | - |
| PostgreSQL Flexible Databases | Microsoft.DBforPostgreSQL/flexibleServers/databases/read | - |
| PostgreSQL Flexible Server Firewall Rules | Microsoft.DBforPostgreSQL/flexibleServers/firewallRules/read | - |
| PostgreSQL Flexible Servers | Microsoft.DBforPostgreSQL/flexibleServers/read | - |
| PostgreSQL Server Firewall Rules | Microsoft.DBforPostgreSQL/servers/firewallRules/read | - |
| PostgreSQL Servers | Microsoft.DBforPostgreSQL/servers/read | - |
| PostgreSQL Servers Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Private DNS Record Sets | Microsoft.Network/privateDnsZones/recordsets/read | - |
| Private DNS Zones | Microsoft.Network/privateDnsZones/read | - |
| Private Endpoints | Microsoft.Network/privateEndpoints/read | - |
| Public IP Addresses | Microsoft.Network/publicIPAddresses/read | - |
| Public IP Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Recommendations | Microsoft.Advisor/recommendations/read | - |
| Recovery Services Vault -> Private Endpoint Relationships | Microsoft.RecoveryServices/vaults/read | - |
| Recovery Services Vaults | Microsoft.RecoveryServices/vaults/read | - |
| Redis Caches | Microsoft.Cache/redis/read | - |
| Redis Firewall Rules | Microsoft.Cache/redis/firewallRules/read | - |
| Redis Linked Servers | Microsoft.Cache/redis/linkedServers/read | - |
| Resource Groups | Microsoft.Resources/subscriptions/resourceGroups/read | - |
| Resource Locks | Microsoft.Authorization/locks/read | - |
| Role Assignments | Microsoft.Authorization/roleAssignments/read | - |
| Role Definitions | Microsoft.Authorization/roleDefinitions/read | - |
| Route Table Routes | - | - |
| Route Tables | Microsoft.Network/routeTables/read | - |
| Security Assessments | Microsoft.Security/assessments/read | - |
| Security Center Auto-Provisioning Settings | Microsoft.Security/autoProvisioningSettings/read | - |
| Security Center Pricing Configurations | Microsoft.Security/pricings/read | - |
| Security Center Settings | Microsoft.Security/settings/read | - |
| Security Contacts | Microsoft.Security/securityContacts/read | - |
| Service Bus Namespaces | Microsoft.ServiceBus/namespaces/read | - |
| Service Bus Queues | Microsoft.ServiceBus/namespaces/queues/read | - |
| Service Bus Topic Subscriptions | Microsoft.ServiceBus/namespaces/topics/subscriptions/read | - |
| Service Bus Topics | Microsoft.ServiceBus/namespaces/topics/read | - |
| Skipped Subscriptions | Microsoft.Resources/subscriptions/read | - |
| SQL Databases | Microsoft.Sql/servers/databases/read | - |
| SQL Managed Instance Databases | Microsoft.Sql/managedInstances/databases/read | - |
| SQL Managed Instance Entra ID Admins | Microsoft.Sql/managedInstances/administrators/read | - |
| SQL Managed Instance Private Endpoint Relationships | - | - |
| SQL Managed Instances | Microsoft.Sql/managedInstances/read | - |
| SQL Server Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| SQL Server Entra ID Admins | Microsoft.Sql/servers/administrators/read | - |
| SQL Server Firewall Rules | Microsoft.Sql/servers/firewallRules/read | - |
| SQL Servers | Microsoft.Sql/servers/read | - |
| SQL Virtual Machines | Microsoft.SqlVirtualMachine/sqlVirtualMachines/read | - |
| Storage Accounts | Microsoft.Storage/storageAccounts/read, Microsoft.Storage/storageAccounts/blobServices/read, Microsoft.Storage/storageAccounts/queueServices/read, Microsoft.Storage/storageAccounts/tableServices/read, Microsoft.Storage/storageAccounts/fileServices/read | - |
| Storage Accounts Keys | Microsoft.Storage/storageAccounts/listKeys/action | - |
| Storage Blob Services | Microsoft.Storage/storageAccounts/blobServices/read | - |
| Storage Containers | Microsoft.Storage/storageAccounts/blobServices/containers/read, Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action | - |
| Storage File Shares | Microsoft.Storage/storageAccounts/fileServices/shares/read | - |
| Storage Queues | Microsoft.Storage/storageAccounts/queueServices/read | - |
| Storage Tables | Microsoft.Storage/storageAccounts/tableServices/tables/read | - |
| Stream Analytics Clusters | Microsoft.StreamAnalytics/clusters/read | - |
| Stream Analytics Jobs | Microsoft.StreamAnalytics/streamingjobs/read | - |
| Stream Analytics Private Endpoints | Microsoft.StreamAnalytics/clusters/privateEndpoints/read | - |
| Subscription Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Subscription Locations | Microsoft.Resources/subscriptions/locations/read | - |
| Subscription Policies | Microsoft.Subscription/policies/read | - |
| Subscription Usage Details | Microsoft.Consumption/usageDetails/read | - |
| Subscriptions | Microsoft.Resources/subscriptions/read | - |
| Synapse Service | - | - |
| Synapse SQL Pool | Microsoft.Synapse/workspaces/sqlPools/read | - |
| Synapse Workspaces | Microsoft.Synapse/workspaces/read | - |
| Traffic Manager Profile Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Virtual Hub Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Virtual Machine Disk Images | Microsoft.Compute/images/read | - |
| Virtual Machine Disks | Microsoft.Compute/disks/read | - |
| Virtual Machine Extensions | Microsoft.Compute/virtualMachines/extensions/read | - |
| Virtual Machine Scale Sets | Microsoft.Compute/virtualMachineScaleSets/read | - |
| Virtual Machines | Microsoft.Compute/virtualMachines/read, Microsoft.Network/networkInterfaces/read | - |
| Virtual Network Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| Virtual Networks | Microsoft.Network/virtualNetworks/read | - |
| Virtual WAN Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
| VPN Gateway Diagnostic Settings | Microsoft.Insights/DiagnosticSettings/Read | - |
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| [AD] Access Review | azure_access_review | Review |
| [AD] Account | azure_account | Account |
| [AD] Authentication Methods Policy | azure_authentication_methods_policy | AccessPolicy |
| [AD] Authentication Strength Policy | azure_authentication_strength_policy | PasswordPolicy |
| [AD] Authorization Policy | azure_authorization_policy | AccessPolicy |
| [AD] Conditional Access | azure_conditional_access_service | Service |
| [AD] Conditional Access Authorization Context | azure_conditional_access_authorization_context | Resource |
| [AD] Conditional Access Named location | azure_conditional_access_named_location | Network |
| [AD] Conditional Access Policy | azure_conditional_access_policy | AccessPolicy |
| [AD] Conditional Access Template | azure_conditional_access_template | AccessPolicy |
| [AD] Device Registration Policy | azure_device_registration_policy | AccessPolicy |
| [AD] Domain | azure_domain | Service |
| [AD] Group | azure_group | Group |
| [AD] Group Member | azure_group_member | User |
| [AD] Group.Unified Setting | azure_group_unified_setting | Configuration |
| [AD] Group.Unified Setting Template | azure_group_unified_setting_template | Configuration |
| [AD] Group.Unified.Guest Setting | azure_group_unified_guest_setting | Configuration |
| [AD] Group.Unified.Guest Setting Template | azure_group_unified_guest_setting_template | Configuration |
| [AD] Role Definition | azure_ad_role_definition | AccessRole |
| [AD] Service Principal | azure_service_principal | Service |
| [AD] User | azure_user | User |
| [RM] Access Role | azure_kube_trusted_access_role | AccessRole |
| [RM] Advisor Recommendation | azure_advisor_recommendation | Finding |
| [RM] API Management API | azure_api_management_api | ApplicationEndpoint |
| [RM] API Management Service | azure_api_management_service | Gateway |
| [RM] App Configuration Store | azure_app_configuration_store | Configuration |
| [RM] App Service Plan | azure_app_service_plan | Configuration |
| [RM] Application Insights | azure_application_insights | Application |
| [RM] Automation Account | azure_automation_account | Service |
| [RM] Azure Arc Machine | azure_arc_machine | Host |
| [RM] Azure Arc Machine Extension | azure_arc_machine_extension | Application |
| [RM] Azure Arc SCVMM Virtual Machine | azure_scvmm_virtual_machine | Host |
| [RM] Azure Bgp Service Communities | azure_bgp_service_communities | Network |
| [RM] Azure Consumer Group | azure_event_hub_consumer_group | Channel |
| [RM] Azure Ddos Protection Plans | azure_ddos_protection_plan | Configuration |
| [RM] Azure Event Hub | azure_event_hub | Service |
| [RM] Azure Express Route | azure_expressroute | Service |
| [RM] Azure Express Route Circuit | azure_expressroute_circuit | Network |
| [RM] Azure Express Route Circuit Connections | azure_expressroute_circuit_connection | Network |
| [RM] Azure Kubernetes Cluster | azure_kubernetes_cluster | Cluster |
| [RM] Azure Managed Disk | azure_managed_disk | DataStore, Disk |
| [RM] Azure Peer Express Route Circuit Connection | azure_peer_expressroute_circut_connection | Network |
| [RM] Bastion Host | azure_bastion_host | Gateway, Host |
| [RM] Batch Account | azure_batch_account | Service |
| [RM] Batch Application | azure_batch_application | Process |
| [RM] Batch Certificate | azure_batch_certificate | Certificate |
| [RM] Batch Pool | azure_batch_pool | Cluster |
| [RM] Bot Service Bot | azure_bot_service_bot | Service |
| [RM] Bot Service Channel | azure_bot_service_channel | Channel |
| [RM] CDN Endpoint | azure_cdn_endpoint | Gateway |
| [RM] CDN Profile | azure_cdn_profile | Service |
| [RM] Chaos Studio Capability | azure_chaos_studio_capability | Configuration |
| [RM] Chaos Studio Experiment | azure_chaos_studio_experiment | Assessment |
| [RM] Chaos Studio Target | azure_chaos_studio_target | Configuration |
| [RM] Classic Admin | azure_classic_admin_group | UserGroup |
| [RM] Container | azure_container | Container |
| [RM] Container Group | azure_container_group | Group |
| [RM] Container Registry | azure_container_registry | DataStore |
| [RM] Container Registry Webhook | azure_container_registry_webhook | ApplicationEndpoint |
| [RM] Container Volume | azure_container_volume | Disk |
| [RM] Cosmos DB Account | azure_cosmosdb_account | Account, Service |
| [RM] Cosmos DB Database | azure_cosmosdb_sql_database | Database, DataStore |
| [RM] Data Masking Policy | azure_synapse_masking_policy | Policy |
| [RM] Data Masking Rule | azure_synapse_masking_rule | Rule |
| [RM] Data Migration Project | azure_datamigration_project | Project |
| [RM] Data Migration Service | azure_datamigration_service | Service |
| [RM] Data Migration Task | azure_datamigration_task | Task |
| [RM] Data Protection Backup Vault | azure_data_protection_backup_vault | Service |
| [RM] Data Share Account | azure_data_share_account | Account |
| [RM] Databricks Workspace | azure_databricks_workspace | Service |
| [RM] Deployment | azure_rm_deployment | Deployment |
| [RM] Desktop Virtualization Application Group | azure_desktop_virtualization_application_group | Group |
| [RM] Desktop Virtualization Desktop | azure_desktop_virtualization_desktop | Resource |
| [RM] Desktop Virtualization Host Pool | azure_desktop_virtualization_host_pool | Resource |
| [RM] Desktop Virtualization Workspace | azure_desktop_virtualization_workspace | Service |
| [RM] DNS Record Set | azure_dns_record_set | DomainRecord |
| [RM] DNS Zone | azure_dns_zone | DomainZone |
| [RM] Document Intelligence Account | azure_document_intelligence_account | Service |
| [RM] EASM Workspace | azure_easm_workspace | Service |
| [RM] Event Grid Domain | azure_event_grid_domain | Service |
| [RM] Event Grid Domain Topic | azure_event_grid_domain_topic | Queue |
| [RM] Event Grid Topic | azure_event_grid_topic | Queue |
| [RM] Event Grid Topic Subscription | azure_event_grid_topic_subscription | Subscription |
| [RM] Event Hub Cluster | azure_event_hub_cluster | Cluster |
| [RM] Event Hub Keys | azure_event_hub_key | Key |
| [RM] Event Hub Namespace | azure_event_hub_namespace | Group |
| [RM] Firewall Policy | azure_network_firewall_policy | Policy |
| [RM] Front Door AFD Endpoint | azure_frontdoor_afd_endpoint | Gateway |
| [RM] Front Door Custom Domain | azure_frontdoor_custom_domain | Domain |
| [RM] Front Door Origin | azure_frontdoor_origin | Configuration |
| [RM] Front Door Origin Group | azure_frontdoor_origin_group | Configuration |
| [RM] Front Door Profile | azure_frontdoor_profile | Service |
| [RM] Front Door Route | azure_frontdoor_route | Configuration |
| [RM] Function | azure_function | Function |
| [RM] Function App | azure_function_app | Function |
| [RM] Gallery | azure_gallery | Repository |
| [RM] Image | azure_image | Image |
| [RM] IoT Hub | azure_iot_hub | Service |
| [RM] IoT Security Solution | azure_iot_security_solution | Configuration |
| [RM] Key Vault | azure_keyvault_service | Service |
| [RM] Key Vault Key | azure_keyvault_key | Key |
| [RM] Key Vault Secret | azure_keyvault_secret | Secret |
| [RM] Kubernetes Fleet Manager | azure_kubernetes_fleet_manager | Cluster |
| [RM] Kubernetes Fleet Member | azure_kubernetes_fleet_member | Resource |
| [RM] Kubernetes Service | azure_kube_service | Service |
| [RM] Load Balancer | azure_lb | Gateway |
| [RM] Log Analytics | azure_log_analytics_service | Service |
| [RM] Log Analytics Workspace | azure_log_analytics_workspace | DataStore, Logs |
| [RM] Machine Learning Compute | azure_machine_learning_compute | Resource |
| [RM] Machine Learning Workspace | azure_machine_learning_workspace | Service |
| [RM] Managed Cluster | azure_kube_maintenance_configuration | Cluster |
| [RM] Managed HSM | azure_managed_hsm | Vault |
| [RM] Managed Services Registration Assignment | azure_managed_services_registration_assignment | Configuration |
| [RM] Managed Services Registration Definition | azure_managed_services_registration_definition | AccessPolicy |
| [RM] Management Group | azure_management_group | Group |
| [RM] MariaDB Database | azure_mariadb_database | Database, DataStore |
| [RM] MariaDB Server | azure_mariadb_server | Database, DataStore, Host |
| [RM] Monitor Activity Log Alert | azure_monitor_activity_log_alert | Rule |
| [RM] Monitor Activity Log Event | azure_activity_log_event | Finding |
| [RM] Monitor Diagnostic Settings Resource | azure_diagnostic_setting | Configuration |
| [RM] Monitor Log Profile | azure_monitor_log_profile | Configuration |
| [RM] MySQL Database | azure_mysql_database | Database, DataStore |
| [RM] MySQL Flexible Database | azure_mysql_flexible_database | Database, DataStore |
| [RM] MySQL Flexible Server | azure_mysql_flexible_server | Database, DataStore, Host |
| [RM] MySQL Flexible Server Firewall Rule | azure_mysql_flexible_server_firewall_rule | Firewall |
| [RM] MySQL Server | azure_mysql_server | Database, DataStore, Host |
| [RM] MySQL Server Firewall Rule | azure_mysql_server_firewall_rule | Firewall |
| [RM] NAT Gateway | azure_nat_gateway | Network |
| [RM] Network Firewall | azure_network_firewall | Firewall |
| [RM] Network Interface | azure_nic | NetworkInterface |
| [RM] Network Watcher | azure_network_watcher | Resource |
| [RM] Oracle Cloud Exadata Infrastructure | azure_oracle_exadata_infrastructure | Cluster |
| [RM] Oracle DB Node | azure_oracle_db_node | Resource |
| [RM] Oracle DB Server | azure_oracle_db_server | Resource |
| [RM] Oracle DB System | azure_oracle_db_system | Database |
| [RM] Oracle Exadb VM Cluster | azure_oracle_exadb_vm_cluster | Cluster |
| [RM] Policy Assignment | azure_policy_assignment | ControlPolicy |
| [RM] Policy Definition | azure_policy_definition | Rule |
| [RM] Policy Set Definition | azure_policy_set_definition | Ruleset |
| [RM] Policy State | azure_policy_state | Review |
| [RM] PostgreSQL Database | azure_postgresql_database | Database, DataStore |
| [RM] PostgreSQL Flexible Database | azure_postgresql_flexible_database | Database, DataStore |
| [RM] PostgreSQL Flexible Server | azure_postgresql_flexible_server | Database, DataStore, Host |
| [RM] PostgreSQL Flexible Server Firewall Rule | azure_postgresql_flexible_server_firewall_rule | Firewall |
| [RM] PostgreSQL Server | azure_postgresql_server | Database, DataStore, Host |
| [RM] PostgreSQL Server Firewall Rule | azure_postgresql_server_firewall_rule | Firewall |
| [RM] Private DNS Record Set | azure_private_dns_record_set | DomainRecord |
| [RM] Private DNS Zone | azure_private_dns_zone | DomainZone |
| [RM] Private Endpoint | azure_private_endpoint | NetworkEndpoint |
| [RM] Public IP Address | azure_public_ip | IpAddress |
| [RM] Recovery Services Vault | azure_recovery_services_vault | Service |
| [RM] Redis Cache | azure_redis_cache | Database, DataStore, Cluster |
| [RM] Redis Firewall Rule | azure_firewall_rule | Firewall |
| [RM] Resource Group | azure_resource_group | Group |
| [RM] Resource Lock | azure_resource_lock | Rule |
| [RM] Role Assignment | azure_role_assignment | AccessPolicy |
| [RM] Role Binding | azure_kube_cluster_role_binding | AccessPolicy |
| [RM] Role Definition | azure_role_definition | AccessRole |
| [RM] Route | azure_route | Rule |
| [RM] Route Table | azure_route_table | Configuration |
| [RM] Security Assessment | azure_security_assessment | Assessment |
| [RM] Security Center Auto Provisioning Setting | azure_security_center_auto_provisioning_setting | Configuration |
| [RM] Security Center Setting | azure_security_center_setting | Configuration |
| [RM] Security Center Subscription Pricing | azure_security_center_subscription_pricing | Configuration |
| [RM] Security Contact | azure_security_center_contact | Resource |
| [RM] Security Group | azure_security_group | Firewall |
| [RM] Security Group Flow Logs | azure_security_group_flow_logs | Logs |
| [RM] Security Rule | azure_security_rule | Rule |
| [RM] Service Bus Namespace | azure_service_bus_namespace | Service |
| [RM] Service Bus Queue | azure_service_bus_queue | Queue |
| [RM] Service Bus Subscription | azure_service_bus_subscription | Subscription |
| [RM] Service Bus Topic | azure_service_bus_topic | Queue |
| [RM] Shared Image | azure_shared_image | Image |
| [RM] Shared Image Version | azure_shared_image_version | Image |
| [RM] SQL Database | azure_sql_database | Database, DataStore |
| [RM] SQL Managed Instance | azure_sql_managed_instance | Database |
| [RM] SQL Managed Instance Database | azure_sql_managed_instance_database | Database |
| [RM] SQL Managed Instance Entra ID Admin | azure_sql_managed_instance_active_directory_admin | AccessRole |
| [RM] SQL Pool | azure_synapse_sql_pool | Configuration |
| [RM] SQL Server | azure_sql_server | Database, DataStore, Host |
| [RM] SQL Server Entra ID Admin | azure_sql_server_active_directory_admin | AccessRole |
| [RM] SQL Server Firewall Rule | azure_sql_server_firewall_rule | Firewall |
| [RM] SQL Virtual Machine | azure_sql_vm | Host |
| [RM] Storage Account | azure_storage_account | Service |
| [RM] Storage Account Key | azure_storage_account_key | Key |
| [RM] Storage Blob Service | azure_storage_blob_service | Service |
| [RM] Storage Container | azure_storage_container | DataStore |
| [RM] Storage File Share | azure_storage_file_share | DataStore |
| [RM] Storage Queue | azure_storage_queue | Queue |
| [RM] Storage Table | azure_storage_table | DataStore, Database |
| [RM] Stream Analytics Cluster | azure_stream_analytics_cluster | Cluster |
| [RM] Stream Analytics Job | azure_stream_analytics_job | Task |
| [RM] Stream Analytics Private Endpoint | azure_stream_analytics_private_endpoint | NetworkEndpoint |
| [RM] Subnet | azure_subnet | Network |
| [RM] Subscription | azure_subscription | Account |
| [RM] Subscription Policy | azure_subscription_policy | Policy |
| [RM] Synapse Keys | azure_synapse_key | Key |
| [RM] Traffic Manager Endpoint | azure_traffic_manager_endpoint | Configuration |
| [RM] Traffic Manager Profile | azure_traffic_manager_profile | Gateway |
| [RM] Usage Details | azure_usage_details | Site |
| [RM] Virtual Hub | azure_virtual_hub | Network |
| [RM] Virtual Machine | azure_vm | Host |
| [RM] Virtual Machine Extension | azure_vm_extension | Application |
| [RM] Virtual Machine Scale Set | azure_vm_scale_set | Deployment, Group |
| [RM] Virtual Network | azure_vnet | Network |
| [RM] Virtual WAN | azure_virtual_wan | Network |
| [RM] VPN Connection | azure_vpn_connection | Network |
| [RM] VPN Gateway | azure_vpn_gateway | Gateway |
| [RM] Web App | azure_web_app | Application |
| [RM] Workspaces | azure_synapse_workspace | Configuration |
| Access Package Assignment Approvers | azure_access_packages_approver | Review |
| Access Package Assignment Policies | azure_access_packages_policy | AccessPolicy |
| Access Package Assignment Requests | azure_access_packages_request | Requirement |
| Access Package Assignments | azure_access_packages_service_assignment | AccessRole |
| Access Package Catalogs | azure_access_packages_catalog | Resource |
| Access Packages | azure_access_packages_services | Service |
| Application Credentials | azure_application_credential | Secret |
| Applications | azure_application | Application |
| Azure Application Gateway | azure_application_gateway | Network |
| Azure Application Security Groups | azure_application_security_group | Firewall |
| Azure Synapse Analytics | azure_synapse | Service |
| Device | azure_device | Device |
| Finding | azure_defender_alert | Finding |
| FrontDoor | azure_frontdoor | Service |
| FrontDoor Backend Pool | azure_frontdoor_backend_pool | Configuration |
| FrontDoor Frontend Endpoint | azure_frontdoor_frontend_endpoint | Gateway |
| FrontDoor Routing Rule | azure_frontdoor_routing_rule | Rule |
| FrontDoor Rules Engine | azure_frontdoor_rules_engine | Ruleset |
| Service Principal Key Credential | azure_service_principal_key_credential | Certificate |
Relationships
The following relationships are created:
| Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
| ANY_RESOURCE | GENERATED | azure_shared_image_version |
| ANY_RESOURCE | HAS | azure_defender_alert |
| ANY_RESOURCE | HAS | azure_policy_state |
| ANY_SCOPE | HAS | azure_diagnostic_setting |
| ANY_SCOPE | HAS | azure_advisor_recommendation |
| ANY_SCOPE | HAS | azure_policy_assignment |
| azure_access_packages_approver | IS | azure_user |
| azure_access_packages_catalog | ASSIGNED | azure_application |
| azure_access_packages_service_assignment | CONTAINS | azure_access_packages_policy |
| azure_access_packages_services | HAS | azure_application |
| azure_access_packages_services | HAS | azure_access_packages_service_assignment |
| azure_account | HAS | azure_domain |
| azure_account | HAS | azure_user |
| azure_account | HAS | azure_group |
| azure_account | ENFORCES | azure_authorization_policy |
| azure_account | ENFORCES | azure_authentication_methods_policy |
| azure_account | HAS | azure_group_unified_setting_template |
| azure_account | HAS | azure_group_unified_guest_setting_template |
| azure_account | HAS | azure_group_unified_setting |
| azure_account | ENFORCES | azure_authentication_strength_policy |
| azure_account | ENFORCES | azure_device_registration_policy |
| azure_account | HAS | azure_access_review |
| azure_account | HAS | azure_keyvault_service |
| azure_account | HAS | azure_subscription_policy |
| azure_account | HAS | azure_management_group |
| azure_api_management_service | HAS | azure_api_management_api |
| azure_app_configuration_store | USES | azure_private_endpoint |
| azure_application | HAS | azure_application_credential |
| azure_application_gateway | HAS | azure_public_ip |
| azure_application_insights | USES | azure_private_endpoint |
| azure_application_insights | USES | azure_log_analytics_workspace |
| azure_application_security_group | PROTECTS | azure_vm |
| azure_arc_machine | USES | azure_arc_machine_extension |
| azure_arc_machine | HAS | azure_scvmm_virtual_machine |
| azure_authorization_policy | USES | ad-role-definitions |
| azure_automation_account | HAS | azure_private_endpoint |
| azure_bastion_host | USES | azure_subnet |
| azure_bastion_host | USES | azure_public_ip |
| azure_batch_account | HAS | azure_batch_pool |
| azure_batch_account | HAS | azure_batch_application |
| azure_batch_account | HAS | azure_batch_certificate |
| azure_bgp_service_communities | HAS | azure_expressroute |
| azure_bot_service_bot | HAS | azure_bot_service_channel |
| azure_bot_service_bot | USES | azure_storage_account |
| azure_bot_service_bot | HAS | azure_private_endpoint |
| azure_cdn_profile | HAS | azure_cdn_endpoint |
| azure_chaos_studio_experiment | HAS | azure_chaos_studio_target |
| azure_chaos_studio_target | HAS | azure_chaos_studio_capability |
| azure_classic_admin_group | HAS | azure_user |
| azure_conditional_access_policy | CONTAINS | azure_conditional_access_named_location |
| azure_conditional_access_policy | ASSIGNED | azure_user |
| azure_conditional_access_policy | ASSIGNED | azure_group |
| azure_conditional_access_service | HAS | azure_conditional_access_policy |
| azure_conditional_access_service | HAS | azure_conditional_access_authorization_context |
| azure_conditional_access_service | HAS | azure_conditional_access_template |
| azure_container | USES | azure_container_volume |
| azure_container_group | HAS | azure_container |
| azure_container_group | HAS | azure_container_volume |
| azure_container_registry | HAS | azure_container_registry_webhook |
azure_container_volume | USES | azure_storage_file_share |
azure_cosmosdb_account | HAS | azure_cosmosdb_sql_database |
azure_databricks_workspace | HAS | azure_private_endpoint |
azure_databricks_workspace | USES | azure_vnet |
azure_databricks_workspace | USES | azure_machine_learning_workspace |
azure_databricks_workspace | USES | azure_lb |
azure_datamigration_service | HAS | azure_datamigration_project |
azure_datamigration_service | HAS | azure_datamigration_task |
azure_ddos_protection_plan | ASSIGNED | azure_public_ip |
azure_ddos_protection_plan | ASSIGNED | azure_vnet |
azure_desktop_virtualization_application_group | HAS | azure_desktop_virtualization_desktop |
azure_desktop_virtualization_host_pool | HAS | azure_desktop_virtualization_application_group |
azure_desktop_virtualization_host_pool | HAS | azure_private_endpoint |
azure_desktop_virtualization_workspace | HAS | azure_desktop_virtualization_application_group |
azure_desktop_virtualization_workspace | HAS | azure_private_endpoint |
azure_device_registration_policy | ALLOWS | azure_user |
azure_device_registration_policy | ALLOWS | azure_group |
azure_diagnostic_setting | USES | azure_storage_account |
azure_dns_zone | HAS | azure_dns_record_set |
azure_document_intelligence_account | HAS | azure_private_endpoint |
azure_event_grid_domain | HAS | azure_event_grid_domain_topic |
azure_event_grid_domain_topic | HAS | azure_event_grid_topic_subscription |
azure_event_grid_topic | HAS | azure_event_grid_topic_subscription |
azure_event_hub | HAS | azure_location |
azure_event_hub_cluster | ASSIGNED | azure_event_hub_namespace |
azure_event_hub_consumer_group | HAS | azure_event_hub |
azure_event_hub_key | USES | azure_keyvault_service |
azure_event_hub_namespace | HAS | azure_event_hub |
azure_event_hub_namespace | HAS | azure_event_hub_key |
azure_expressroute | HAS | azure_expressroute |
azure_expressroute | HAS | azure_peer_expressroute_circut_connection |
azure_expressroute | HAS | azure_application_gateway |
azure_expressroute | HAS | azure_expressroute_circuit_connection |
azure_expressroute_circuit | HAS | azure_peer_expressroute_circut_connection |
azure_expressroute_circuit | HAS | azure_expressroute_circuit_connection |
azure_frontdoor | HAS | azure_frontdoor_rules_engine |
azure_frontdoor | HAS | azure_frontdoor_routing_rule |
azure_frontdoor | HAS | azure_frontdoor_backend_pool |
azure_frontdoor | HAS | azure_frontdoor_frontend_endpoint |
azure_frontdoor_afd_endpoint | HAS | azure_frontdoor_route |
azure_frontdoor_origin_group | HAS | azure_frontdoor_origin |
azure_frontdoor_profile | HAS | azure_frontdoor_afd_endpoint |
azure_frontdoor_profile | HAS | azure_frontdoor_origin_group |
azure_frontdoor_profile | HAS | azure_frontdoor_custom_domain |
azure_function_app | USES | azure_app_service_plan |
azure_function_app | HAS | azure_function |
azure_gallery | CONTAINS | azure_shared_image |
azure_group | HAS | azure_user |
azure_group | HAS | azure_group |
azure_group | HAS | azure_group_member |
azure_group | HAS | azure_device |
azure_group | APPROVED | azure_access_packages_policy |
azure_group | ASSIGNED | azure_access_packages_services |
azure_group_unified_guest_setting | MANAGES | azure_group |
azure_group_unified_setting | MANAGES | azure_group |
azure_iot_hub | HAS | azure_iot_security_solution |
azure_keyvault_service | ALLOWS | ANY_PRINCIPAL |
azure_keyvault_service | CONTAINS | azure_keyvault_key |
azure_keyvault_service | CONTAINS | azure_keyvault_secret |
azure_keyvault_service | USES | azure_private_endpoint |
azure_keyvault_service | HAS | azure_synapse_key |
azure_kube_cluster_role_binding | IS | kube_cluster_role_binding |
azure_kube_service | CONTAINS | azure_kube_trusted_access_role |
azure_kubernetes_cluster | HAS | azure_kube_maintenance_configuration |
azure_kubernetes_cluster | CONTAINS | azure_kube_cluster_role_binding |
azure_kubernetes_fleet_manager | HAS | azure_kubernetes_fleet_member |
azure_kubernetes_fleet_member | USES | azure_kubernetes_cluster |
azure_lb | CONNECTS | azure_nic |
azure_lb | HAS | azure_public_ip |
azure_log_analytics_service | HAS | azure_log_analytics_workspace |
azure_log_analytics_workspace | USES | azure_private_endpoint |
azure_machine_learning_workspace | USES | azure_storage_account |
azure_machine_learning_workspace | USES | azure_keyvault_service |
azure_machine_learning_workspace | USES | azure_container_registry |
azure_machine_learning_workspace | HAS | azure_private_endpoint |
azure_machine_learning_workspace | HAS | azure_machine_learning_compute |
azure_managed_hsm | MANAGES | ANY_PRINCIPAL |
azure_managed_hsm | USES | azure_private_endpoint |
azure_managed_services_registration_assignment | USES | azure_managed_services_registration_definition |
azure_management_group | CONTAINS | azure_management_group |
azure_mariadb_server | HAS | azure_mariadb_database |
azure_monitor_activity_log_alert | MONITORS | ANY_SCOPE |
azure_monitor_log_profile | USES | azure_storage_account |
azure_mysql_flexible_server | HAS | azure_mysql_flexible_database |
azure_mysql_flexible_server | HAS | azure_mysql_server_firewall_rule |
azure_mysql_server | HAS | azure_mysql_database |
azure_mysql_server | HAS | azure_mysql_server_firewall_rule |
azure_nat_gateway | HAS | azure_public_ip |
azure_network_firewall | HAS | azure_network_firewall_policy |
azure_network_firewall | HAS | azure_public_ip |
azure_network_firewall_policy | EXTENDS | azure_network_firewall_policy |
azure_network_watcher | HAS | azure_security_group_flow_logs |
azure_oracle_exadata_infrastructure | HAS | azure_oracle_db_server |
azure_oracle_exadb_vm_cluster | HAS | azure_oracle_db_node |
azure_oracle_exadb_vm_cluster | USES | azure_vnet |
azure_oracle_exadb_vm_cluster | USES | azure_subnet |
azure_policy_assignment | USES | azure_policy_set_definition |
azure_policy_assignment | USES | azure_policy_definition |
azure_policy_assignment | HAS | azure_policy_state |
azure_policy_definition | DEFINES | azure_policy_state |
azure_policy_set_definition | CONTAINS | azure_policy_definition |
azure_postgresql_flexible_server | HAS | azure_postgresql_flexible_database |
azure_postgresql_flexible_server | HAS | azure_postgresql_server_firewall_rule |
azure_postgresql_server | HAS | azure_postgresql_database |
azure_postgresql_server | HAS | azure_postgresql_server_firewall_rule |
azure_private_dns_zone | HAS | azure_private_dns_record_set |
azure_private_endpoint | USES | azure_nic |
azure_private_endpoint | CONNECTS | ANY_RESOURCE |
azure_recovery_services_vault | HAS | azure_private_endpoint |
azure_redis_cache | HAS | azure_firewall_rule |
azure_redis_cache | CONNECTS | azure_redis_cache |
azure_resource_group | HAS | azure_gallery |
azure_resource_group | HAS | azure_image |
azure_resource_group | HAS | azure_managed_disk |
azure_resource_group | HAS | azure_vm |
azure_resource_group | HAS | azure_vm_scale_set |
azure_resource_group | HAS | azure_cosmosdb_account |
azure_resource_group | HAS | azure_data_protection_backup_vault |
azure_resource_group | HAS | azure_datamigration_service |
azure_resource_group | HAS | azure_data_share_account |
azure_resource_group | HAS | azure_mariadb_server |
azure_resource_group | HAS | azure_mysql_server |
azure_resource_group | HAS | azure_mysql_flexible_server |
azure_resource_group | HAS | azure_postgresql_server |
azure_resource_group | HAS | azure_postgresql_flexible_server |
azure_resource_group | HAS | azure_sql_server |
azure_resource_group | HAS | azure_sql_managed_instance |
azure_resource_group | HAS | azure_databricks_workspace |
azure_resource_group | HAS | azure_keyvault_service |
azure_resource_group | HAS | azure_managed_hsm |
azure_resource_group | HAS | azure_machine_learning_workspace |
azure_resource_group | HAS | azure_desktop_virtualization_workspace |
azure_resource_group | HAS | azure_desktop_virtualization_host_pool |
azure_resource_group | HAS | azure_desktop_virtualization_application_group |
azure_resource_group | HAS | azure_document_intelligence_account |
azure_resource_group | HAS | azure_public_ip |
azure_resource_group | HAS | azure_nic |
azure_resource_group | HAS | azure_vnet |
azure_resource_group | HAS | azure_security_group |
azure_resource_group | HAS | azure_lb |
azure_resource_group | HAS | azure_network_firewall |
azure_resource_group | HAS | azure_network_watcher |
azure_resource_group | HAS | azure_private_endpoint |
azure_resource_group | HAS | azure_nat_gateway |
azure_resource_group | HAS | azure_bastion_host |
azure_resource_group | HAS | azure_route_table |
azure_resource_group | HAS | azure_storage_account |
azure_resource_group | HAS | azure_api_management_service |
azure_resource_group | HAS | azure_arc_machine |
azure_resource_group | HAS | azure_dns_zone |
azure_resource_group | HAS | azure_private_dns_zone |
azure_resource_group | HAS | azure_container_registry |
azure_resource_group | HAS | azure_service_bus_namespace |
azure_resource_group | HAS | azure_cdn_profile |
azure_resource_group | HAS | azure_batch_account |
azure_resource_group | HAS | azure_bot_service_bot |
azure_resource_group | HAS | azure_recovery_services_vault |
azure_resource_group | HAS | azure_redis_cache |
azure_resource_group | HAS | azure_container_group |
azure_resource_group | HAS | azure_frontdoor |
azure_resource_group | HAS | azure_frontdoor_profile |
azure_resource_group | HAS | azure_traffic_manager_profile |
azure_resource_group | HAS | azure_event_grid_domain |
azure_resource_group | HAS | azure_event_grid_topic |
azure_resource_group | HAS | azure_automation_account |
azure_resource_group | HAS | azure_chaos_studio_experiment |
azure_resource_group | HAS | azure_kubernetes_fleet_manager |
azure_resource_group | HAS | azure_monitor_activity_log_alert |
azure_resource_group | HAS | azure_web_app |
azure_resource_group | HAS | azure_function_app |
azure_resource_group | HAS | azure_app_service_plan |
azure_resource_group | HAS | azure_kubernetes_cluster |
azure_resource_group | HAS | azure_ddos_protection_plan |
azure_resource_group | HAS | azure_event_hub_namespace |
azure_resource_group | HAS | azure_event_hub |
azure_resource_group | HAS | azure_app_configuration_store |
azure_resource_group | HAS | azure_virtual_wan |
azure_resource_group | HAS | azure_virtual_hub |
azure_resource_group | HAS | azure_vpn_gateway |
azure_resource_group | HAS | azure_log_analytics_workspace |
azure_resource_group | HAS | azure_application_insights |
azure_resource_group | HAS | azure_rm_deployment |
azure_resource_group | HAS | azure_oracle_exadata_infrastructure |
azure_resource_group | HAS | azure_oracle_exadb_vm_cluster |
azure_resource_group | HAS | azure_oracle_db_system |
azure_resource_group | HAS | azure_sql_vm |
azure_resource_group | HAS | azure_stream_analytics_cluster |
azure_resource_group | HAS | azure_stream_analytics_job |
azure_resource_lock | HAS | ANY_SCOPE |
azure_role_assignment | ASSIGNED | azure_unknown_principal_type |
azure_role_assignment | ASSIGNED | azure_application |
azure_role_assignment | ASSIGNED | azure_directory |
azure_role_assignment | ASSIGNED | azure_directory_role_template |
azure_role_assignment | ASSIGNED | azure_everyone |
azure_role_assignment | ASSIGNED | azure_foreign_group |
azure_role_assignment | ASSIGNED | azure_group |
azure_role_assignment | ASSIGNED | azure_msi |
azure_role_assignment | ASSIGNED | azure_service_principal |
azure_role_assignment | ASSIGNED | azure_unknown |
azure_role_assignment | ASSIGNED | azure_user |
azure_role_assignment | ALLOWS | ANY_SCOPE |
azure_role_assignment | USES | azure_role_definition |
azure_route_table | HAS | azure_route |
azure_security_assessment | IDENTIFIED | azure_advisor_recommendation |
azure_security_group | PROTECTS | azure_vm_scale_set |
azure_security_group | PROTECTS | azure_subnet |
azure_security_group | PROTECTS | azure_nic |
azure_security_group | HAS | azure_security_rule |
azure_security_group | ALLOWS | azure_subnet |
azure_security_group | DENIES | azure_subnet |
azure_security_group | HAS | azure_security_group_flow_logs |
azure_security_group_flow_logs | USES | azure_storage_account |
azure_service_bus_namespace | HAS | azure_service_bus_queue |
azure_service_bus_namespace | HAS | azure_service_bus_topic |
azure_service_bus_topic | HAS | azure_service_bus_subscription |
azure_service_principal | USES | azure_service_principal_key_credential |
azure_service_principal | HAS | ad-role-definitions |
azure_service_principal | ASSIGNED | azure_group |
azure_service_principal | ASSIGNED | azure_user |
azure_service_principal | ASSIGNED | azure_service_principal |
azure_service_principal | OWNS | azure_application |
azure_shared_image | HAS | azure_shared_image_version |
azure_sql_managed_instance | HAS | azure_sql_managed_instance_database |
azure_sql_managed_instance | HAS | azure_sql_managed_instance_active_directory_admin |
azure_sql_managed_instance | HAS | azure_private_endpoint |
azure_sql_server | HAS | azure_sql_database |
azure_sql_server | HAS | azure_sql_server_firewall_rule |
azure_sql_server | HAS | azure_sql_server_active_directory_admin |
azure_sql_vm | USES | azure_vm |
azure_storage_account | USES | azure_keyvault_service |
azure_storage_account | HAS | azure_storage_file_share |
azure_storage_account | HAS | azure_storage_container |
azure_storage_account | HAS | azure_storage_queue |
azure_storage_account | HAS | azure_storage_table |
azure_storage_account | HAS | azure_storage_blob_service |
azure_storage_account | HAS | azure_storage_account_key |
azure_stream_analytics_cluster | HAS | azure_stream_analytics_job |
azure_stream_analytics_cluster | HAS | azure_stream_analytics_private_endpoint |
azure_subnet | ALLOWS | azure_security_group |
azure_subnet | DENIES | azure_security_group |
azure_subnet | HAS | azure_private_endpoint |
azure_subnet | USES | azure_route_table |
azure_subnet | HAS | azure_vm |
azure_subscription | CONTAINS | azure_role_definition |
azure_subscription | HAS | azure_resource_group |
azure_subscription | HAS | azure_usage_details |
azure_subscription | PERFORMED | azure_security_assessment |
azure_subscription | HAS | azure_security_center_contact |
azure_subscription | HAS | azure_security_center_subscription_pricing |
azure_subscription | HAS | azure_security_center_setting |
azure_subscription | HAS | azure_security_center_auto_provisioning_setting |
azure_subscription | HAS | azure_defender_alert |
azure_subscription | HAS | azure_monitor_log_profile |
azure_subscription | HAS | azure_activity_log_event |
azure_subscription | HAS | azure_kube_service |
azure_subscription | HAS | azure_synapse |
azure_subscription | HAS | azure_ddos_protection_plan |
azure_subscription | HAS | azure_event_hub |
azure_subscription | HAS | azure_iot_hub |
azure_subscription | HAS | azure_iot_security_solution |
azure_subscription | HAS | azure_expressroute |
azure_subscription | HAS | azure_bgp_service_communities |
azure_subscription | HAS | azure_easm_workspace |
azure_subscription | HAS | azure_rm_deployment |
azure_subscription | HAS | azure_managed_services_registration_definition |
azure_subscription | HAS | azure_managed_services_registration_assignment |
azure_synapse | HAS | azure_synapse_workspace |
azure_synapse | HAS | azure_synapse_sql_pool |
azure_synapse | HAS | azure_synapse_key |
azure_synapse_sql_pool | HAS | azure_synapse_masking_rule |
azure_synapse_sql_pool | ASSIGNED | azure_synapse_masking_policy |
azure_synapse_workspace | HAS | azure_synapse_sql_pool |
azure_synapse_workspace | HAS | azure_synapse_key |
azure_traffic_manager_profile | HAS | azure_traffic_manager_endpoint |
azure_user | OWNS | azure_device |
azure_user | HAS | ad-role-definitions |
azure_user | APPROVED | azure_access_packages_policy |
azure_user | OWNS | azure_application |
azure_user | CREATED | azure_access_packages_request |
azure_user | ASSIGNED | azure_access_packages_services |
azure_virtual_hub | HAS | azure_vpn_gateway |
azure_virtual_hub | USES | azure_network_firewall |
azure_virtual_wan | HAS | azure_virtual_hub |
azure_vm | GENERATED | azure_shared_image_version |
azure_vm | USES | azure_storage_account |
azure_vm | USES | azure_managed_disk |
azure_vm | USES | azure_vm_extension |
azure_vm | USES | azure_image |
azure_vm | USES | azure_shared_image |
azure_vm | USES | azure_shared_image_version |
azure_vm | USES | azure_service_principal |
azure_vm | USES | azure_vm_scale_set |
azure_vm | USES | azure_nic |
azure_vm | USES | azure_public_ip |
azure_vm_scale_set | USES | azure_lb |
azure_vm_scale_set | USES | azure_subnet |
azure_vm_scale_set | USES | azure_shared_image |
azure_vnet | CONTAINS | azure_subnet |
azure_vpn_gateway | HAS | azure_vpn_connection |
azure_web_app | USES | azure_app_service_plan |
Mapped Relationships
The following mapped relationships are created:
| Source Entity _type | Relationship _class | Target Entity _type | Direction |
|---|---|---|---|
azure_kube_trusted_access_role | IS | kube_cluster_role | FORWARD |
azure_management_group | HAS | azure_subscription | FORWARD |
azure_network_firewall | ALLOWS | internet | FORWARD |
azure_network_firewall | ALLOWS | internet | REVERSE |
azure_network_firewall | DENIES | internet | FORWARD |
azure_network_firewall | DENIES | internet | REVERSE |
azure_network_watcher | HAS | azure_location | REVERSE |
azure_subscription | USES | azure_location | FORWARD |
azure_vm | USES | azure_image | FORWARD |
Azure Access Review
azure_access_review inherits from Review
| Property | Type | Description | Specifications |
|---|---|---|---|
| autoApplyDecisions | boolean | | |
| createdOn | number | | |
| defaultDecision | string | | |
| defaultDecisionEnabled | boolean | | |
| descriptionForAdmins | string | | |
| descriptionForReviewers | string | | |
| durationInDays | number | | |
| id | string | | |
| justificationRequired | boolean | | |
| mailNotificationsEnabled | boolean | | |
| recommendationsEnabled | boolean | | |
| recurrenceDayOfMonth | number | | |
| recurrenceDaysOfWeek | array of strings | | |
| recurrenceEndDate | string | | |
| recurrenceFirstDayOfWeek | string | | |
| recurrenceIndex | string | | |
| recurrenceInterval | number | | |
| recurrenceMonth | number | | |
| recurrenceOccurrences | number | | |
| recurrenceRangeType | string | | |
| recurrenceStartDate | string | | |
| recurrenceTimeZone | string | | |
| recurrenceType | string | | |
| reminderNotificationsEnabled | boolean | | |
| updatedOn | number | | |
Azure Activity Log Event
azure_activity_log_event inherits from Finding
| Property | Type | Description | Specifications |
|---|---|---|---|
| authorizationAction * | string \| null | | |
| authorizationRole * | string \| null | | |
| authorizationScope * | string \| null | | |
| caller * | string \| null | | |
| category * | string \| null | | |
| clientIpAddress * | string \| null | | |
| correlationId * | string \| null | | |
| eventDataId * | string \| null | | |
| eventTimestamp * | number \| null | | |
| httpMethod * | string \| null | | |
| level * | string \| null | | |
| numericSeverity * | number | | |
| open * | boolean | | |
| operationId * | string \| null | | |
| operationName * | string \| null | | |
| operationStatus * | string \| null | | |
| resourceGroupName * | string \| null | | |
| resourceId * | string \| null | | |
| resourceProviderName * | string \| null | | |
| resourceType * | string \| null | | |
| severity * | string \| null | | |
| submissionTimestamp * | number \| null | | |
| subscriptionId * | string \| null | | |
| subStatus * | string \| null | | |
Azure Authentication Methods Policy
azure_authentication_methods_policy inherits from AccessPolicy
| Property | Type | Description | Specifications |
|---|---|---|---|
| attestationEnforced | boolean | | |
| certificateValidationEnabled | boolean | | |
| defaultLifetimeMinutes | number | | |
| disabledAuthenticationMethods | array of strings | | |
| enabledAuthenticationMethods | array of strings | | |
| externalIdEmailOtpAllowed | string | | |
| hasExclusions | array of strings | | |
| includeAllUsers | array of strings | | |
| isRegistrationEnforced | boolean | | |
| isUsableOnce | boolean | | |
| keyRestrictionsEnforced | boolean | | |
| lastModifiedDateTime | number \| null | | |
| maximumLifetimeMinutes | number | | |
| minimumLifetimeMinutes | number | | |
| officePhoneAllowed | boolean | | |
| policyMigrationState | string \| null | | |
| policyVersion | string \| null | | |
| registrationCampaignState | string | | |
| registrationSnoozeDays | number | | |
| requiresRegistration | array of strings | | |
| selfServiceRegistrationAllowed | boolean | | |
| softwareOathEnabled | boolean | | |
Azure Authentication Strength Policy
azure_authentication_strength_policy inherits from PasswordPolicy
| Property | Type | Description | Specifications |
|---|---|---|---|
| allowedCombinations | array of strings | | |
| description | string | | |
| policyType | string | | |
| requirementsSatisfied | string | | |
Azure Authorization Policy
azure_authorization_policy inherits from AccessPolicy
| Property | Type | Description | Specifications |
|---|---|---|---|
| allowedToSignUpEmailBasedSubscriptions | boolean | | |
| allowedToUseSSPR | boolean | | |
| allowEmailVerifiedUsersToJoinOrganization | boolean | | |
| allowInvitesFrom | string \| null | | |
| allowUserConsentForRiskyApps | boolean \| null | | |
| blockMsolPowerShell | boolean \| null | | |
| defaultUserRolePermissions.allowedToCreateApps | boolean | | |
| defaultUserRolePermissions.allowedToCreateSecurityGroups | boolean | | |
| defaultUserRolePermissions.allowedToCreateTenants | boolean \| null | | |
| defaultUserRolePermissions.allowedToReadBitlockerKeysForOwnedDevice | boolean \| null | | |
| defaultUserRolePermissions.allowedToReadOtherUsers | boolean | | |
| defaultUserRolePermissions.permissionGrantPoliciesAssigned | array \| null | | |
Azure Bot Service Bot
azure_bot_service_bot inherits from Service
| Property | Type | Description | Specifications |
|---|---|---|---|
| appPasswordHint * | string \| null | | |
| category * | array \| null | | |
| cmekEncryptionStatus * | string \| null | | |
| cmekKeyVaultUrl * | string \| null | | |
| configuredChannels * | array \| null | | |
| description * | string \| null | | |
| developerAppInsightKey * | string \| null | | |
| developerAppInsightsApiKey * | string \| null | | |
| developerAppInsightsApplicationId * | string \| null | | |
| displayName * | string \| null | | |
| enabledChannels * | array \| null | | |
| endpoint * | string \| null | | |
| endpointVersion * | string \| null | | |
| function * | array \| null | | |
| iconUrl * | string \| null | | |
| identityPrincipalId * | string \| null | | |
| identityTenantId * | string \| null | | |
| identityType * | string \| null | | |
| isCmekEnabled * | boolean | | |
| isDeveloperAppInsightsApiKeySet * | boolean \| null | | |
| isLocalAuthenticationEnabled * | boolean | | |
| isStreamingSupported * | boolean | | |
| kind * | string \| null | | |
| location * | string \| null | | |
| luisAppIds * | array \| null | | |
| luisKey * | string \| null | | |
| manifestUrl * | string \| null | | |
| migrationToken * | string \| null | | |
| msaAppId * | string \| null | | |
| msaAppMSIResourceId * | string \| null | | |
| msaAppTenantId * | string \| null | | |
| msaAppType * | string \| null | | |
| name * | string \| null | | |
| openWithHint * | string \| null | | |
| provisioningState * | string \| null | | |
| publicNetworkAccess * | string \| null | | |
| publishingCredentials * | string \| null | | |
| region * | string \| null | | |
| resourceGroup * | string \| null | | |
| schemaTransformationVersion * | string \| null | | |
| skuName * | string \| null | | |
| skuTier * | string \| null | | |
| storageResourceId * | string \| null | | |
| tenantId * | string \| null | | |
| zones * | array \| null | | |
Azure Bot Service Channel
azure_bot_service_channel inherits from Channel
| Property | Type | Description | Specifications |
|---|---|---|---|
| category * | array \| null | | |
| channelName * | string \| null | | |
| function * | array \| null | | |
| isEnabled * | boolean \| null | | |
| location * | string \| null | | |
| name * | string \| null | | |
| region * | string \| null | | |
| resourceGroup * | string \| null | | |
Azure Data Protection Backup Vault
azure_data_protection_backup_vault inherits from Service
| Property | Type | Description | Specifications |
|---|---|---|---|
| bcdrSecurityLevel * | string \| null | | |
| category * | array \| null | | |
| crossRegionRestoreState * | string \| null | | |
| crossSubscriptionRestoreState * | string \| null | | |
| function * | array \| null | | |
| identityPrincipalId * | string \| null | | |
| identityTenantId * | string \| null | | |
| identityType * | string \| null | | |
| immutabilityState * | string \| null | | |
| isVaultProtectedByResourceGuard * | boolean | | |
| keyVaultUri * | string \| null | | |
| location * | string \| null | | |
| name * | string \| null | | |
| region * | string \| null | | |
| replicatedRegions * | array \| null | | |
| resourceGroup * | string \| null | | |
| secureScore * | string \| null | | |
| softDeleteRetentionDurationInDays * | number \| null | | |
| softDeleteState * | string \| null | | |
| storageSettingDataStoreType * | string \| null | | |
| storageSettingType * | string \| null | | |
Azure Databricks Workspace
azure_databricks_workspace inherits from Service
| Property | Type | Description | Specifications |
|---|---|---|---|
| amlWorkspaceId * | string \| null | | |
| category * | array \| null | | |
| customPrivateSubnetName * | string \| null | | |
| customPublicSubnetName * | string \| null | | |
| customVirtualNetworkId * | string \| null | | |
| diskEncryptionSetId * | string \| null | | |
| function * | array \| null | | |
| isInfrastructureEncryptionRequired * | boolean \| null | | |
| isPublicIpEnabled * | boolean | | |
| lastModifiedOn * | number \| null | | |
| loadBalancerBackendPoolName * | string \| null | | |
| loadBalancerId * | string \| null | | |
| location * | string \| null | | |
| managedDiskEncryptionKeySource * | string \| null | | |
| managedDiskIdentityPrincipalId * | string \| null | | |
| managedDiskIdentityTenantId * | string \| null | | |
| managedDiskIdentityType * | string \| null | | |
| managedResourceGroupId * | string \| null | | |
| managedServicesEncryptionKeySource * | string \| null | | |
| name * | string \| null | | |
| natGatewayName * | string \| null | | |
| privateEndpointConnections * | array \| null | | |
| publicIpName * | string \| null | | |
| publicNetworkAccess * | string \| null | | |
| region * | string \| null | | |
| requiredNsgRules * | string \| null | | |
| resourceGroup * | string \| null | | |
| skuName * | string \| null | | |
| skuTier * | string \| null | | |
| storageAccountIdentityPrincipalId * | string \| null | | |
| storageAccountIdentityTenantId * | string \| null | | |
| storageAccountIdentityType * | string \| null | | |
| storageAccountName * | string \| null | | |
| vnetAddressPrefix * | string \| null | | |
| workspaceId * | string \| null | | |
| workspaceUrl * | string \| null | | |
Azure Defender Alert
azure_defender_alert inherits from Finding
| Property | Type | Description | Specifications |
|---|---|---|---|
| blocking * | boolean | | |
| id | string | | |
| type * | string \| null | | |
Azure Desktop Virtualization Application Group
azure_desktop_virtualization_application_group inherits from Group
| Property | Type | Description | Specifications |
|---|---|---|---|
| applicationGroupType * | string \| null | | |
| etag * | string \| null | | |
| friendlyName * | string \| null | | |
| hostPoolArmPath * | string \| null | | |
| identityPrincipalId * | string \| null | | |
| identityTenantId * | string \| null | | |
| identityType * | string \| null | | |
| isCloudPcResource * | boolean \| null | | |
| isShownInFeed * | boolean \| null | | |
| kind * | string \| null | | |
| lastModifiedOn * | number \| null | | |
| location * | string \| null | | |
| objectId * | string \| null | | |
| region * | string \| null | | |
| resourceGroup * | string \| null | | |
| skuName * | string \| null | | |
| skuTier * | string \| null | | |
| workspaceArmPath * | string \| null | | |
Azure Desktop Virtualization Desktop
azure_desktop_virtualization_desktop inherits from Resource
| Property | Type | Description | Specifications |
|---|---|---|---|
| friendlyName * | string \| null | | |
| iconHash * | string \| null | | |
| lastModifiedOn * | number \| null | | |
| objectId * | string \| null | | |
Azure Desktop Virtualization Host Pool
azure_desktop_virtualization_host_pool inherits from Resource
| Property | Type | Description | Specifications |
|---|---|---|---|
| agentUpdateType * | string \| null | | |
| customRdpProperty * | string \| null | | |
| etag * | string \| null | | |
| friendlyName * | string \| null | | |
| hostPoolType * | string \| null | | |
| identityPrincipalId * | string \| null | | |
| identityTenantId * | string \| null | | |
| identityType * | string \| null | | |
| isAgentUpdateUseSessionHostLocalTime * | boolean \| null | | |
| isCloudPcResource * | boolean \| null | | |
| isStartVMOnConnectEnabled * | boolean \| null | | |
| isValidationEnvironment * | boolean \| null | | |
| kind * | string \| null | | |
| lastModifiedOn * | number \| null | | |
| loadBalancerType * | string \| null | | |
| location * | string \| null | | |
| maxSessionLimit * | number \| null | | |
| objectId * | string \| null | | |
| personalDesktopAssignmentType * | string \| null | | |
| preferredAppGroupType * | string \| null | | |
| privateEndpointConnectionIds * | array \| null | | |
| publicNetworkAccess * | string \| null | | |
| region * | string \| null | | |
| registrationTokenExpirationOn * | number \| null | | |
| resourceGroup * | string \| null | | |
| ring * | number \| null | | |
| skuName * | string \| null | | |
| skuTier * | string \| null | | |
| ssoadfsAuthority * | string \| null | | |
| ssoClientId * | string \| null | | |
| ssoSecretType * | string \| null | | |
| vmTemplate * | string \| null | | |
Azure Desktop Virtualization Workspace
azure_desktop_virtualization_workspace inherits from Service
| Property | Type | Description | Specifications |
|---|---|---|---|
| applicationGroupReferences * | array \| null | | |
| category * | array \| null | | |
| etag * | string \| null | | |
| friendlyName * | string \| null | | |
| function * | array \| null | | |
| identityPrincipalId * | string \| null | | |
| identityTenantId * | string \| null | | |
| identityType * | string \| null | | |
| isCloudPcResource * | boolean \| null | | |
| kind * | string \| null | | |
| lastModifiedOn * | number \| null | | |
| location * | string \| null | | |
| objectId * | string \| null | | |
| privateEndpointConnectionIds * | array \| null | | |
| publicNetworkAccess * | string \| null | | |
| region * | string \| null | | |
| resourceGroup * | string \| null | | |
| skuName * | string \| null | | |
| skuTier * | string \| null | | |
Azure Device
azure_device inherits from Device
| Property | Type | Description | Specifications |
|---|---|---|---|
| aadDeviceId | string | | |
| active | boolean | | |
| alternativeSecurityIds | array of strings | | |
| approximateLastSignInDateTime | number | | |
| complianceExpirationDateTime | string | | |
| deviceMetadata | string | | |
| deviceVersion | number | | |
| isCompliant | boolean | | |
| isManaged | boolean | | |
| manufacturer | string | | |
| name | string | | |
| onPremisesLastSyncDateTime | number | | |
| onPremisesSyncEnabled | boolean | | |
| operatingSystem | string | | |
| operatingSystemVersion | string | | |
| physicalIds | array of strings | | |
| profileType | string | | |
| registeredUsers | array of strings | | |
| systemLabels | array of strings | | |
| trustType | string | | |
Azure Device Registration Policy
azure_device_registration_policy inherits from AccessPolicy
| Property | Type | Description | Specifications |
|---|---|---|---|
| description | string | | |
| isAdminConfigurable | boolean | | |
| isLocalAdminPasswordEnabled | boolean | | |
| multiFactorAuthConfiguration | string | | |
| userDeviceQuota | number | | |
Azure Easm Workspace
azure_easm_workspace inherits from Service
| Property | Type | Description | Specifications |
|---|---|---|---|
| dataPlaneEndpoint | string | | |
| location | string | | |
| provisioningState | string | | |
| type | string | | |
| webLink | string | | |
Azure Function
azure_function inherits from Function
| Property | Type | Description | Specifications |
|---|---|---|---|
| category * | array \| null | | |
| configHref * | string \| null | | |
| function * | array \| null | | |
| functionAppId * | string | | |
| href * | string \| null | | |
| invokeUrlTemplate * | string \| null | | |
| isEnabled * | boolean | | |
| language * | string \| null | | |
| name * | string | | |
| scriptHref * | string \| null | | |
| scriptRootPathHref * | string \| null | | |
| secretsFileHref * | string \| null | | |
| testDataHref * | string \| null | | |
| type * | string \| null | | |
Azure Group Unified Guest Setting
azure_group_unified_guest_setting inherits from Configuration
| Property | Type | Description | Specifications |
|---|---|---|---|
| allowToAddGuests | boolean | | |
| groupId | string | | |
| templateId | string | | |
Azure Group Unified Guest Setting Template
azure_group_unified_guest_setting_template inherits from Configuration
| Property | Type | Description | Specifications |
|---|---|---|---|
| description | string | | |
| templateId | string | | |
Azure Group Unified Setting
azure_group_unified_setting inherits from Configuration
| Property | Type | Description | Specifications |
|---|---|---|---|
| allowGuestsToAccessGroups | boolean | | |
| allowGuestsToBeGroupOwner | boolean | | |
| allowToAddGuests | boolean | | |
| classificationDescriptions | string \| null | | |
| classificationList | string \| null | | |
| customBlockedWordsList | string \| null | | |
| defaultClassification | string \| null | | |
| enableGroupCreation | boolean | | |
| enableMIPLabels | boolean | | |
| groupCreationAllowedGroupId | string \| null | | |
| guestUsageGuidelinesUrl | string \| null | | |
| newUnifiedGroupWritebackDefault | boolean | | |
| prefixSuffixNamingRequirement | string \| null | | |
| templateId | string | | |
| usageGuidelinesUrl | string \| null | | |
Azure Group Unified Setting Template
azure_group_unified_setting_template inherits from Configuration
| Property | Type | Description | Specifications |
|---|---|---|---|
| description | string | | |
| templateId | string | | |
Azure Iot Hub
azure_iot_hub inherits from Service
| Property | Type | Description | Specifications |
|---|---|---|---|
| comments | string | | |
| defaultTtlAsIso8601 | string | | |
| deviceStreamingEndpoints | array of strings | | |
| enableFileUploadNotifications | boolean | | |
| enrichmentKeys | array of strings | | |
| etag | string | | |
| eventHubEndpoint | string | | |
| eventHubPartitionCount | number | | |
| eventHubPartitionIds | array of strings | | |
| eventHubPath | string | | |
| eventHubRetentionTimeInDays | number | | |
| features | string | | |
| feedbackLockDurationAsIso8601 | string | | |
| feedbackMaxDeliveryCount | number | | |
| feedbackTtlAsIso8601 | string | | |
| hostName | string | | |
| location | string | | |
| maxDeliveryCount | number | | |
| provisioningState | string | | |
| region | string | | |
| routeNames | array of strings | | |
| skuCapacity | number | | |
| skuName | string | | |
| skuTier | string | | |
| state | string | | |
| tags | array of strings | | |
| type | string | | |
| webLink | string | | |
Azure Iot Security Solution
azure_iot_security_solution inherits from Configuration
| Property | Type | Description | Specifications |
|---|---|---|---|
| additionalWorkspacesCount | number | | |
| autoDiscoveredResources | array of strings | | |
| createdBy | string | | |
| createdByType | string | | |
| createdOn | number | | |
| disabledDataSources | array of strings | | |
| displayName | string | | |
| export | array of strings | | |
| iotHubs | array of strings | | |
| lastModifiedBy | string | | |
| lastModifiedByType | string | | |
| lastModifiedOn | number | | |
| location | string | | |
| recommendationsConfigurationCount | number | | |
| region | string | | |
| status | string | | |
| tags | array of strings | | |
| type | string | | |
| unmaskedIpLoggingStatus | string | | |
| userDefinedResourcesQuery | string \| null | | |
| userDefinedResourcesQuerySubscriptions | array \| null | | |
| webLink | string | | |
| workspace | string | | |
Azure Machine Learning Compute
azure_machine_learning_compute inherits from Resource
| Property | Type | Description | Specifications |
|---|---|---|---|
| category * | array \| null | | |
| computeLocation * | string \| null | | |
| computeType * | string \| null | | |
| description * | string \| null | | |
| function * | array \| null | | |
| identityPrincipalId * | string \| null | | |
| identityTenantId * | string \| null | | |
| identityType * | string \| null | | |
| isComputeAttached * | boolean \| null | | |
| isLocalAuthEnabled * | boolean \| null | | |
| lastModifiedOn * | number \| null | | |
| name * | string \| null | | |
| provisioningState * | string \| null | | |
| region * | string \| null | | |
| resourceGroup * | string \| null | | |
| skuName * | string \| null | | |
| skuTier * | string \| null | | |
| sshPublicAccess * | string \| null | | |
| subnetId * | string \| null | | |
| vmSize * | string \| null | | |
Azure Machine Learning Workspace
azure_machine_learning_workspace inherits from Service
| Property | Type | Description | Specifications |
|---|---|---|---|
| applicationInsights * | string \| null | | |
| category * | array \| null | | |
| containerRegistry * | string \| null | | |
| description * | string \| null | | |
| discoveryUrl * | string \| null | | |
| encryptionIdentityClientId * | string \| null | | |
| encryptionKeyIdentifier * | string \| null | | |
| encryptionKeyVaultArmId * | string \| null | | |
| encryptionStatus * | string \| null | | |
| friendlyName * | string \| null | | |
| function * | array \| null | | |
| hbiWorkspace * | boolean \| null | | |
| identityPrincipalId * | string \| null | | |
| identityTenantId * | string \| null | | |
| identityType * | string \| null | | |
| isDataIsolationEnabled * | boolean \| null | | |
| isPublicAccessAllowedWhenBehindVnet * | boolean \| null | | |
| isStorageHnsEnabled * | boolean \| null | | |
| keyVault * | string \| null | | |
| kind * | string \| null | | |
| lastModifiedOn * | number \| null | | |
| location * | string \| null | | |
| name * | string \| null | | |
| publicNetworkAccess * | string \| null | | |
| region * | string \| null | | |
| resourceGroup * | string \| null | | |
| skuName * | string \| null | | |
| skuTier * | string \| null | | |
| storageAccount * | string \| null | | |
| v1LegacyMode * | boolean \| null | | |
| workspaceId * | string \| null | | |
Azure Recovery Services Vault
azure_recovery_services_vault inherits from Service
| Property | Type | Description | Specifications |
|---|---|---|---|
| category * | array \| null | | |
| function * | array \| null | | |
| identityPrincipalId * | string \| null | | |
| identityTenantId * | string \| null | | |
| identityType * | string \| null | | |
| immutabilityState * | string \| null | | |
| keyVaultUri * | string \| null | | |
| location * | string \| null | | |
| name * | string \| null | | |
| privateEndpointConnections * | array \| null | | |
| privateEndpointStateForBackup * | string \| null | | |
| privateEndpointStateForSiteRecovery * | string \| null | | |
| publicNetworkAccess * | string \| null | | |
| region * | string \| null | | |
| resourceGroup * | string \| null | | |
| skuCapacity * | string \| null | | |
| skuFamily * | string \| null | | |
| skuName * | string \| null | | |
| skuSize * | string \| null | | |
| skuTier * | string \| null | | |
| softDeleteState * | string \| null | | |
| standardTierStorageRedundancy * | string \| null | | |
Azure Service Principal Key Credential
azure_service_principal_key_credential inherits from Certificate
| Property | Type | Description | Specifications |
|---|---|---|---|
| createdOn | number | | |
| expiresOn | number | | |
| keyId | string | | |
| type | string | | |
| usage | string | | |
Azure Sql Managed Instance
azure_sql_managed_instance inherits from Database
| Property | Type | Description | Specifications |
|---|---|---|---|
| administratorLogin * | string \| null | | |
| administratorLoginPassword * | string \| null | | |
| category * | array \| null | | |
| collation * | string \| null | | |
| dnsZone * | string \| null | | |
| encryptionKeySource * | string \| null | | |
| fqdn * | string \| null | | |
| hostname * | string \| null | | |
| instancePoolId * | string \| null | | |
| isActive * | boolean \| null | | |
| isEncrypted * | boolean \| null | | |
| isPublicDataEndpointEnabled * | boolean \| null | | |
| isZoneRedundant * | boolean \| null | | |
| licenseType * | string \| null | | |
| location * | string \| null | | |
| minimalTlsVersion * | string \| null | | |
| name * | string \| null | | |
| primaryUserAssignedIdentityId * | string \| null | | |
| privateEndpointConnections * | array \| null | | |
| proxyOverride * | string \| null | | |
| region * | string \| null | | |
| resourceGroup * | string \| null | | |
| servicePrincipalType * | string \| null | | |
| skuCapacity * | number \| null | | |
| skuFamily * | string \| null | | |
| skuName * | string \| null | | |
| skuTier * | string \| null | | |
| state * | string \| null | | |
| storageAccountType * | string \| null | | |
| subnetId * | string \| null | | |
| timezoneId * | string \| null | | |
| type * | string \| null | | |
Azure Sql Managed Instance Database
azure_sql_managed_instance_database inherits from Database
| Property | Type | Description | Specifications |
|---|---|---|---|
| catalogCollation * | string \| null | | |
| collation * | string \| null | | |
| createMode * | string \| null | | |
| creationDate * | number \| null | | |
| currentServiceObjectiveName * | string \| null | | |
| defaultSecondaryLocation * | string \| null | | |
| displayName * | string \| null | | |
| id * | string \| null | | |
| isAutoCompleteRestore * | boolean \| null | | |
| lastBackupName * | string \| null | | |
| location * | string \| null | | |
| name * | string \| null | | |
| requestedServiceObjectiveName * | string \| null | | |
| resourceGroup * | string \| null | | |
| sourceDatabaseId * | string \| null | | |
| status * | string \| null | | |
| storageContainerUri * | string \| null | | |
| type * | string \| null | | |
Azure Storage Container
azure_storage_container inherits from DataStore
| Property | Type | Description | Specifications |
|---|---|---|---|
| containerSize | number \| null | The total size of the container in bytes. If retrieving this value takes longer than 5 minutes while scanning blobs, the result will be null. | |
| deleted | boolean | | |
| leaseState | string | | |
| leaseStatus | string | | |
| publicAccess | string | Any of: `Container`, `Blob`, `None` | |
| resourceGroup | string | | |
Azure Vm
azure_vm inherits from Host
| Property | Type | Description | Specifications |
|---|---|---|---|
| active | boolean | | |
| applicationSecurityGroup | array of strings | | |
| instanceStatus | array of strings | | |
| provisioningState | string | | |
| region | string | | |
| resourceGroup | string | | |
| state | string | | |
| type | string | | |
| usesManagedDisks | boolean | | |
| vmId | string | | |
| vmSize | string | | |
| webLink | string | | |
Release Notes
- 2026-04-08 — Added configuration option to automatically delete child integration instances when their parent subscription or management group is removed from the Azure integration.
- 2026-04-08 — Improved OS name accuracy for Azure virtual machine entities by mapping marketplace image names to human-readable OS names.
- 2026-04-07 — Added Azure Traffic Manager data model, ingesting Traffic Manager profiles and endpoints.
- 2026-04-07 — Added Azure Activity Log Events ingestion as a new optionally enabled data source for monitoring control-plane operations.
- 2026-04-02 — Added Azure ARM Deployments and Managed Services as new entity types, exposing resource deployment and delegated management configurations.
- 2026-04-02 — Promoted network access control list default action and bypass settings to Azure Key Vault entities.
- 2026-04-02 — Promoted public network access property to Azure Event Hub namespace entities.
- 2026-04-01 — Added Azure Log Analytics workspaces and Application Insights components as new entity types with subscription relationships.
- 2026-04-01 — Added Azure Arc hybrid compute data model, ingesting Arc-enabled servers and machines as new entity types.
- 2026-03-23 — Added Azure Virtual WAN data model, ingesting Virtual WANs, Virtual Hubs, and hub connections.
- 2026-03-23 — Added Azure Kubernetes Fleet Manager data model, ingesting Fleet and Fleet Member entities.
- 2026-03-17 — Added Azure Desktop Virtualization data model, ingesting Host Pools, Application Groups, and Workspaces.
- 2026-03-17 — Added Azure Database Migration Service data model, ingesting migration services and projects.
- 2026-03-16 — Promoted SKU tier property to Azure Firewall and Firewall Policy entities.
- 2026-03-16 — Promoted shared private link request message to Azure Front Door backend pool entities.
- 2026-03-11 — Promoted request tracing enabled property to Azure Web App entities.
- 2026-03-10 — Added Azure App Configuration data model, ingesting App Configuration stores with encryption and access key details.
- 2026-03-06 — Added Azure Front Door Standard/Premium data model, ingesting Front Door profiles, endpoints, and routes.
- 2026-03-06 — Promoted 13 new properties to Azure Kubernetes cluster entities including network profile, add-on settings, and SKU tier.
- 2026-03-04 — Added Azure Chaos Studio data model, ingesting experiments and targets.
- 2026-03-04 — Added Azure Data Share data model, ingesting share accounts and invitations.
- 2026-02-19 — Promoted identity type and authentication settings to Azure API Management entities, exposing managed identity and authentication configuration.
- 2026-02-19 — Promoted identity type property to Azure VM scale set entities, exposing the managed identity type assigned to VM scale sets.
- 2026-02-17 — Added raw data properties for Azure private endpoint and subnet entities, including network interface references and IP configuration details.
- 2026-02-17 — Added flow analytics parameters (flow analytics enabled, traffic analytics interval) to Azure security group flow logs entities.
- 2026-02-12 — Added Enterprise Application attributes including service principal properties and app role assignments to Azure AD entities.
- 2026-02-11 — Promoted additional configuration properties to Azure Function App entities including runtime version and CORS settings.
- 2026-02-11 — Promoted service provider provisioning state, bandwidth, and circuit location properties to Azure ExpressRoute circuit entities.
- 2026-02-10 — Promoted VNet properties including DDoS protection enabled, flow timeout in minutes, and BGP community settings to Azure VNet entities.
- 2026-02-09 — Promoted properties on API management, ExpressRoute, and additional Azure resource types from raw data.
- 2026-01-22 — Added OWNS relationship between Azure service principals and their registered applications.
- 2026-01-20 — Promoted identity and network interface properties to Azure VM and related entities.
- 2025-12-15 — Preserved security rule properties (direction, port, protocol) in Azure NSG relationships for direct querying without traversal.
- 2025-12-04 — Added support for Azure NSG Rules, Route Tables, and Routes as queryable entity types.
- 2025-10-24 — Added Azure Bastion Host to public IP relationship, linking Bastion Host resources to their associated public IP addresses.
- 2025-10-22 — Promoted SKU name and SKU tier properties to Azure managed disk entities.
- 2025-10-20 — Promoted inbound IP rules to Azure Event Grid topic and Event Grid domain entities.
- 2025-10-16 — Promoted additional properties to Azure Machine Learning workspace and related entities.
- 2025-10-13 — Added is public property to Azure load balancer entities, derived from frontend IP configurations using public IP addresses.
- 2025-10-07 — Added ingestion of Azure AD group settings and group setting templates.
- 2025-10-01 — Added grant controls property to Azure conditional access policy entities, exposing required grant control conditions.
- 2025-09-30 — Added is trusted field to Azure conditional access named location entities.
- 2025-09-30 — Added Azure AD Authentication Strength Policies as new ingested entities.
- 2025-09-30 — Added ingestion of Azure subscription policies.
- 2025-09-30 — Added ingestion of Azure AD access reviews.
- 2025-09-25 — Added Azure External Attack Surface Management (EASM) workspaces as new entity types.
- 2025-09-22 — Added Azure Bastion Host ingestion with VNet relationship mapping.
- 2025-09-22 — Added SMB protocol version property to Azure storage account entities.
- 2025-09-22 — Added IoT Hub security solution and alert properties.
- 2025-09-22 — Promoted MySQL server properties from raw data to Azure MySQL server entities.
- 2025-09-15 — Added Azure IoT Hub security module ingestion.
- 2025-09-10 — Added Azure AD Authentication Methods Policy ingestion.
- 2025-09-09 — Promoted Azure Service Bus namespace properties including zone redundancy and premium tier settings.
- 2025-09-09 — Added SMB channel encryption property to Azure storage account entities.
- 2025-09-09 — Added Azure AD authorization policy ingestion.
- 2025-09-08 — Added blob versioning enabled property to Azure storage account entities.
- 2025-09-08 — Added key rotation reminder fields to Azure Key Vault key entities.
- 2025-09-05 — Added additional Azure Function App fields including identity, scale, and networking configurations.
- 2025-08-29 — Added ingestion of Azure AD service principal key credentials.
- 2025-08-27 — Added Azure Managed HSM and key rotation policy ingestion.
- 2025-08-27 — Added Azure private endpoint to Key Vault relationship.
- 2025-08-20 — Added relationships between Azure Automation accounts and Azure Policy states and private endpoints.
- 2025-08-20 — Added support for ingesting Azure SQL Managed Instances as new entity types.
- 2025-08-11 — Added Azure Databricks workspace ingestion as new entity types.
- 2025-08-06 — Added Azure Backup Vaults (Recovery Services backup container) as new entity types.
- 2025-08-06 — Added Azure Recovery Service Vaults ingestion with backup policy relationships.
- 2025-08-01 — Added Azure Bot Service ingestion as new entity types.
- 2025-07-31 — Added Azure Document Intelligence service ingestion as new entity types.
- 2025-07-30 — Added Azure Machine Learning workspace and compute resources ingestion.
- 2025-07-16 — Added advisor extended properties to Azure entities for recommendation querying.
- 2025-05-28 — Added exclusion properties to Azure conditional access policy entities for exclusion group/user details.
- 2025-05-28 — Related access package policies to primary approver users and groups.
- 2025-05-23 — Added user principal name property to Azure user entities.
- 2025-05-22 — Added Azure Automation Accounts ingestion with runbooks and schedules.
- 2025-05-01 — Added is guest property to Azure user entities distinguishing guest from member accounts.
- 2025-04-29 — Added Azure storage account access keys as queryable relationship properties.
- 2025-04-17 — Upgraded Azure Storage SDK; added minimum TLS version property to Azure storage account entities.
- 2025-04-03 — Added IP security restrictions and SCM IP security restrictions properties to Azure App Service entities, surfacing IP-based access restriction configurations.