From version 7.1 onward, Lansweeper is capable of scanning resource groups and virtual machines hosted on the Microsoft Azure cloud computing platform. An asset is created for each resource group and for each virtual machine. This article explains what the requirements are for Azure scanning and how to set up and gather the Azure parameters required for scanning.
To scan an Azure cloud environment, the following requirements must be met:
- Your Lansweeper installation must be version 7.1 or higher.
- Your Lansweeper license must support Azure scanning.
- Your Lansweeper scanning server must have access to the Internet.
- You must provide Lansweeper with your Azure subscription ID, directory (tenant) ID and the application ID and key (password) of an application with read-only access to your subscription. Lansweeper uses the Azure Resource Manager (ARM) REST API to retrieve data.
Setting up the Azure application
To set up an application with read-only access to your Azure subscription and to gather the Azure properties required for scanning, do the following:
- Log into your Azure account and browse to your subscription. One way to do this is by clicking this direct link.
- Copy the subscription ID that is listed on the page, as you'll need to submit this in Lansweeper.
- Select the Azure Active Directory menu on the left and the Properties section within this menu.
- Copy the directory ID (tenant ID) that is listed on the page, as you'll need to submit this in Lansweeper
- Select the Azure Active Directory menu on the left, the App registrations section within this menu and hit the New application registration button.
- Submit a name and URL for your application and choose the Web App / API application type. The URL you submit doesn't really matter for Lansweeper purposes. Hit Create at the bottom of the page.
- Copy the application ID that is listed on the resulting page, as you'll need to submit this in Lansweeper.
- Hit the Settings button and then select the Keys menu.
- Submit a description for your key, choose whether or when it expires and hit Save. Though having the key expire is more secure, keep in mind that this will require you to generate a new one at some point in the future.
- Copy the key that was generated and that is now visible in the Value field of the page. You'll need to submit this as your application password in Lansweeper.
You will not be able to see your key again once you leave this page, so make sure you store it somewhere safe for future reference. If you do lose your key, you will need to generate a new one.
- Go back to your subscription, select the Access control (IAM) menu and hit + Add at the top to create a new role assignment.
- In the resulting menu, select the Reader role, perform a search for the application you created earlier, select it and hit Save.
- You now have the 4 parameters required to set up Azure scanning in Lansweeper: subscription ID, directory (tenant) ID, application ID and application password. You can configure Azure scanning in Lansweeper by following the instructions in this knowledge base article.