Mapping a Microsoft Azure Subscription Using Faddom
Written by Alex Patnick
Updated over a week ago

Faddom can discover your Microsoft Azure environment without the need to install anything on your VMs. This guide will walk you through the process of setting this up for an Azure subscription.

Creating an App Registration

The first step in giving Faddom access to map an Azure environment is to create an App Registration. To do this, open the Azure portal and go to Azure Active Directory.

There select App Registrations on the left:


Then, select New registration:


Give the registration a name, and select whether you want to give access for a single tenant or multiple tenants. You can leave the Redirect URI empty:


After creating the App Registration, select it and from the overview tab, record the Application (client) ID and Directory (tenant) ID. You will need these later.


Finally, create a secret key for the App Registration. To do this, select Certificates and Secrets on the left and click on New client secret:


Make sure to record the Value of the key, not the Secret ID; you will need it later. The value is shown only right after you create the key and cannot be recovered afterwards. If you lose it, create a new client secret instead.


Giving permissions to the App Registration

Once you have created an App Registration, it still does not have any permissions in your environment. The App Registration is essentially the identity that Faddom will use to access the environment, so we now need to grant it permissions.

To do this, open the Subscription that you would like Faddom to map and select Access control (IAM) on the left. There, under Add, click Add role assignment:


Search for the Reader role, select it and click Next:


In the Members tab, click on Select members and search for the App Registration we created in the previous step:


Click on the App Registration, then click on Select, and then on Review + assign.

You can repeat this process for any additional Subscriptions you want Faddom to map.

Creating Flow Logs

The next step in the integration is to create the Flow Logs that allow Faddom to view the network traffic passing between your VMs. You can use either VNet Flow Logs or NSG Flow Logs. We recommend VNet Flow Logs because they are configured on the virtual network rather than per NSG, so adding a new NSG later requires no additional work.

VNET Flow Logs

  1. In the search box at the top of the portal, enter Network Watcher. Select Network Watcher from the search results.

  2. Under Logs, select Flow logs.

  3. In Network Watcher | Flow logs, select Create or Create flow log.

    Screenshot of Network Watcher flow logs in the Azure portal.

  4. On the Basics tab of Create a flow log, enter or select the following values:

    Project Details

    Instance details

    Screenshot that shows the Basics tab of creating a virtual network flow log in the Azure portal.

  5. OPTIONAL - if you wish to capture more information, you can enable traffic analytics.

    1. If you do not want this, click Next: Tags to skip it.

    2. To enable it, select the Next: Analytics button, or select the Analytics tab. Enter or select the following values:

      Screenshot that shows how to enable traffic analytics for a new flow log in the Azure portal.

  6. Select Review + create.

  7. Review the settings, and then select Create.
NSG Flow Logs

Faddom requires Flow Logs version 2 in order to read the data.

To set this up, search for NSG flow log in the main search bar:


In the Create a flow log screen, select the subscription you would like to create a flow log for, and then click on Select NSG. There, select all of the NSGs you would like Faddom to monitor traffic for.

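To make the version-2 requirement concrete, here is an added example (not Faddom's code) that reads an NSG flow log blob, refuses anything that is not version 2, and turns the flow tuples into structured records. Version 2 tuples carry 13 comma-separated fields, including a flow state and byte/packet counters that version 1 tuples (8 fields) do not have, which is why a version-1 log cannot yield traffic volumes. The JSON below is a constructed sample following the documented NSG flow log layout; the subscription ID, NSG name, MAC and IP addresses are placeholders.

```python
"""Parse NSG flow log records and enforce the version-2 requirement (added example)."""
import json
from dataclasses import dataclass
from typing import Dict, Iterator, Tuple

# Constructed sample: one NetworkSecurityGroupFlowEvent record, version 2.
# The first tuple is a "B" (begin) state with empty counters, the second an
# "E" (end) state carrying packet and byte counts in both directions.
SAMPLE_V2_BLOB = json.dumps({
    "records": [{
        "time": "2024-01-01T12:00:35Z",
        "category": "NetworkSecurityGroupFlowEvent",
        "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/RG"
                      "/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/EXAMPLE-NSG",
        "properties": {
            "Version": 2,
            "flows": [{
                "rule": "DefaultRule_AllowVnetInBound",
                "flows": [{
                    "mac": "000D3A000001",
                    "flowTuples": [
                        "1704110400,10.0.1.4,10.0.2.5,51234,443,T,I,A,B,,,,",
                        "1704110401,10.0.1.4,10.0.2.5,51234,443,T,I,A,E,12,2048,10,9000",
                    ],
                }],
            }],
        },
    }]
})

# Constructed version-1 record: 8-field tuples, no flow state or counters.
SAMPLE_V1_BLOB = json.dumps({
    "records": [{
        "time": "2024-01-01T12:00:35Z",
        "category": "NetworkSecurityGroupFlowEvent",
        "resourceId": "/SUBSCRIPTIONS/00000000-0000-0000-0000-000000000000/RESOURCEGROUPS/RG"
                      "/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/EXAMPLE-NSG",
        "properties": {
            "Version": 1,
            "flows": [{"rule": "DefaultRule_AllowVnetInBound",
                       "flows": [{"mac": "000D3A000001",
                                  "flowTuples": ["1704110400,10.0.1.4,10.0.2.5,51234,443,T,I,A"]}]}],
        },
    }]
})


@dataclass(frozen=True)
class Flow:
    timestamp: int
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str      # "T" (TCP) or "U" (UDP)
    direction: str     # "I" (inbound) or "O" (outbound)
    decision: str      # "A" (allowed) or "D" (denied)
    state: str         # "B" begin, "C" continuing, "E" end
    packets_src_to_dst: int
    bytes_src_to_dst: int
    packets_dst_to_src: int
    bytes_dst_to_src: int
    rule: str
    mac: str


def parse_tuple(raw: str, rule: str, mac: str) -> Flow:
    """Parse one version-2 flow tuple; empty counter fields (B state) become 0."""
    fields = raw.split(",")
    if len(fields) != 13:
        raise ValueError(f"expected 13 fields in a version-2 flow tuple, got {len(fields)}: {raw!r}")
    ts, src, dst, sport, dport, proto, direction, decision, state = fields[:9]
    counters = [int(x) if x else 0 for x in fields[9:]]
    return Flow(int(ts), src, dst, int(sport), int(dport), proto, direction,
                decision, state, *counters, rule=rule, mac=mac)


def iter_flows(blob: str) -> Iterator[Flow]:
    """Yield Flow records from a flow log blob, rejecting any record that is not version 2."""
    for record in json.loads(blob)["records"]:
        props = record["properties"]
        version = props.get("Version")
        if version != 2:
            raise ValueError(f"flow log record is version {version}; version 2 is required")
        for rule_entry in props["flows"]:
            for nic in rule_entry["flows"]:
                for raw in nic["flowTuples"]:
                    yield parse_tuple(raw, rule=rule_entry["rule"], mac=nic["mac"])


def bytes_by_conversation(blob: str) -> Dict[Tuple[str, str, int, str], int]:
    """Sum bytes in both directions per (src_ip, dst_ip, dst_port, protocol)."""
    totals: Dict[Tuple[str, str, int, str], int] = {}
    for f in iter_flows(blob):
        key = (f.src_ip, f.dst_ip, f.dst_port, f.protocol)
        totals[key] = totals.get(key, 0) + f.bytes_src_to_dst + f.bytes_dst_to_src
    return totals


if __name__ == "__main__":
    for flow in iter_flows(SAMPLE_V2_BLOB):
        print(flow)
    print(bytes_by_conversation(SAMPLE_V2_BLOB))
```

Running this on a real blob downloaded from the flow log storage container lets you confirm, before pointing Faddom at the account, that the logs are version 2 and that byte counters are populated.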

Storage Account

You can also create a new storage account to store the flow logs. Faddom will require access to this account to read the logs. It is recommended to create a StorageV2 account so that you can set retention. Faddom does not require flow log retention, so you can set it to a minimum of 1 day to reduce storage costs. See the Azure Documentation for more information.


Now, click on Review + create to create the flow log.

Faddom will require access to the storage account that is storing the flow logs. To provide it, open the Storage account in the Azure portal and go to Access keys on the left. Faddom requires the Connection string value (not the key alone) to connect; record it for later.

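A common slip at this step is to copy the key on its own rather than the whole Connection string. The following added example (not Faddom's code) checks that a recorded value really is a storage connection string with the required parts and an https endpoint, and produces a redacted copy that is safe to paste into a ticket or runbook while the full value is kept in a secret store. The account name and key below are constructed placeholders, not real credentials.

```python
"""Validate and redact an Azure Storage connection string (added example)."""
import base64
import binascii
from typing import Dict

REQUIRED_KEYS = ("DefaultEndpointsProtocol", "AccountName", "AccountKey")

# Constructed placeholder key: 64 zero bytes, base64-encoded (same length as a real account key).
SAMPLE_KEY = base64.b64encode(b"\x00" * 64).decode()

# Constructed sample in the format shown under Access keys in the portal.
SAMPLE_CONNECTION_STRING = (
    "DefaultEndpointsProtocol=https;"
    "AccountName=examplestorage;"
    f"AccountKey={SAMPLE_KEY};"
    "EndpointSuffix=core.windows.net"
)


def parse_connection_string(conn: str) -> Dict[str, str]:
    """Split 'Key=Value;...' into a dict and verify it is a usable connection string."""
    parts: Dict[str, str] = {}
    for segment in conn.strip().split(";"):
        if not segment:
            continue
        key, sep, value = segment.partition("=")
        if not sep:
            # A bare key (no '=') is what you get when only key1/key2 was copied.
            raise ValueError(f"malformed segment {segment!r}: expected the full Connection string")
        parts[key] = value
    missing = [k for k in REQUIRED_KEYS if k not in parts]
    if missing:
        raise ValueError(f"connection string is missing {missing}")
    if parts["DefaultEndpointsProtocol"].lower() != "https":
        raise ValueError("connection string must use https")
    try:
        base64.b64decode(parts["AccountKey"], validate=True)
    except binascii.Error as exc:
        raise ValueError("AccountKey is not valid base64") from exc
    return parts


def redact(conn: str) -> str:
    """Return the connection string with the AccountKey value replaced, for safe logging."""
    parts = parse_connection_string(conn)
    return ";".join(f"{k}={'<redacted>' if k == 'AccountKey' else v}" for k, v in parts.items())


if __name__ == "__main__":
    print(redact(SAMPLE_CONNECTION_STRING))
```

Treat the full connection string as a credential equivalent to the account key: it grants access to everything in the storage account, so store it only where Faddom's configuration and your secret store need it.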


Setting Up The Discovery In Faddom

Now that we have everything configured in Azure, we can set up the discovery in Faddom.

From the Overview screen, select Data Sources, then select Azure.


Under Azure Credentials, enter the details you recorded in step 1 (Creating an App Registration): the Application (client) ID, the Directory (tenant) ID and the Secret Value:


Then click Discover to show the Azure Flow Logs settings:

Here, click on Enable FlowLogs, enter the Connection String you recorded in step 2 (Storage Account), and click on Apply FlowLog settings:


Faddom should now be mapping your Azure Subscription. You should be able to see VM details under Discover -> Azure VMs, and the network traffic for these VMs should start to appear within a few minutes.
