Azure scanning requirements

From version 7.1 onward, Lansweeper is capable of scanning resource groups and virtual machines hosted on the Microsoft Azure cloud computing platform. An asset is created for each resource group and for each virtual machine. This article explains what the requirements are for Azure scanning and how to set up and gather the Azure parameters required for scanning.

Requirements

To scan an Azure cloud environment, the following requirements must be met:

  • Your Lansweeper installation must be version 7.1 or higher.
  • Your Lansweeper license must support Azure scanning.
  • Your Lansweeper scanning server must have access to the Internet.
  • You must provide Lansweeper with your Azure subscription ID, directory (tenant) ID and the application ID and key (password) of an application with read-only access to your subscription. Lansweeper uses the Azure Resource Manager (ARM) REST API to retrieve data.

Setting up the Azure application

To set up an application with read-only access to your Azure subscription and to gather the Azure properties required for scanning, follow the steps below.

Step 1: copy your subscription ID

Log into your Azure account and browse to your subscription. One way to do this is by clicking this direct link. Copy the subscription ID that is listed on the page, as you'll need to submit this in Lansweeper.

Step 2: copy your tenant ID

Click the portal menu button in the upper left corner of the screen, select Azure Active Directory and then the Properties section within. Copy the tenant ID (directory ID) that is listed on the page, as you'll need to submit this in Lansweeper.

Step 3: create an app and copy the application ID

Select the Azure Active Directory menu on the left, the App registrations section within and hit the + New registration button. Submit a descriptive name for the application, choose who can use it and hit Register at the bottom of the page. Copy the application ID that is listed on the resulting page, as you'll need to submit this in Lansweeper.


Step 4: create an app secret

In the Certificates & secrets menu of your application, click the + New client secret button. Submit a description for your key, choose whether or when it expires and hit Add. Though having the key expire is more secure, keep in mind that this will require you to generate a new one at some point in the future.

Copy the key that was generated and that is now visible in the Value field of the page. You'll need to submit this as your application password in Lansweeper.

You will not be able to see your key again once you leave this page, so make sure you store it somewhere safe for future reference. If you do lose your key, you will need to generate a new one.

Step 5: assign an app role

Go back to your subscription. One way to do this is by clicking this direct link. Click on the name of your subscription and select the Access control (IAM) menu. Hit + Add at the top and then select Add role assignment

Perform a search for the Reader role, select it and hit Next at the bottom of the page. Hit the + Select members button, perform a search for the application you created earlier, select it and hit Select. Hit the Review + assign button twice to assign the role to your app.

Step 6: set up Azure scanning in Lansweeper

You now have the 4 parameters required to set up Azure scanning in Lansweeper: subscription ID, directory (tenant) ID, application ID and application password. You can now configure Azure scanning in Lansweeper by following the instructions in the knowledge base.

Related Articles

Get Started Right Away

Try Lansweeper for Free