Receptors & Integrations
      Back to home
      1. Trustero Support
      2. Trustero User Guide
      3. Receptors & Integrations

      Azure Receptor

      How to setup the Azure Receptor

      The Azure Receptor allows you to collect information from your Azure services as evidence. The Azure receptor automatically collects the evidence that the App Registration has permissions to access. For a complete list of supported Azure services refer to  Supported Azure Services.


      To enable Azure Receptor

      1. Create an App registration for the Azure Services: App Registration Setup Guide
      2. Note: It is recommended to segregate the application registration for Azure with other Microsoft services, as the Azure App would have elevated access to resources within Azure. 
      3. Grant permissions to the App Registration to resources that you want to collect as evidence (see Granting permissions to App Registrations below)
      4. Setup Azure Receptor within Trustero (see Azure Receptor Setup below)

      Granting permissions to App Registrations

      Application Registration provides the high-level permissions needed to access the services within Azure. However, to grant permissions to the app registration for accessing Azure Resource Groups, execute the following steps


      1. Open the details page of the Resource Group you want to grant access to

      2. Select `Access Control (IAM)`, then select Role Assignments
      3. Select + Add, Add role assignment
      4. Select Reader and then select Next
      5. Under Members while User, group, or service principal select +Select members
      6. Type the name of your app registration(e.g. Trustero-app in this example)  and then select the trustero-app Icon that shows up
      7. Click select, then select Review+Assign and then check the data then Review+Assign



      Azure Receptor Setup

      To activate the Azure Receptor:

      • Navigate to the Trustero app --> integrations --> receptors
      • Select the Azure Receptor from the Receptor List
      • Using the information from the App Registration Summary, fill in the following
        • Directory (Tenant) ID
        • Client ID 
        • Client Secret 

       

      Supported Azure Services

      The receptor collects evidence from these services:

      • Azure Automation
      • Azure Content Delivery Network (CDN)
      • Azure SQL Database
      • Azure Database for MySQL
      • Azure Database for PostgreSQL
      • Azure Load Balancer
      • Azure Virtual Machines
      • Microsoft Intune (Device Management)
      • Microsoft Intune (Endpoint Security)
      • Microsoft Entra ID (formerly Azure Active Directory)
      • Azure Kubernetes Service (AKS)
      • Microsoft Entra ID (Password Policies)
      • Microsoft Sentinel
      • Azure Disk Storage
      • Microsoft Entra ID (Audit Logs)
      • Azure Activity Logs
      • Azure Virtual Network (VNet)
      • Azure Blob Storage (Containers)
      • Microsoft Defender for Cloud (Compliance Standards)
      • Microsoft Defender for Cloud (Compliance Controls)
      • Microsoft Defender for Cloud (Vulnerability Assessments)
      • Azure Resource Manager
      • Azure Container Registry
      • Azure Storage Accounts