You can add and protect Microsoft Azure virtual machines by connecting a Microsoft
Azure account to Workload Security. Virtual machines appear on the Computers page, where you can manage them like any other computer.
Benefits of adding an Azure account
The following are benefits of adding an Azure account (through Workload Security > ) instead of adding individual Azure virtual machines (through Workload Security > ):
- Changes in your Azure virtual machine inventory are automatically reflected in Workload Security. For example, if you delete a number of instances in Azure, those instances disappear automatically from the Workload Security console. By contrast, if you use , Azure instances that are deleted from Azure remain visible in the Workload Security console until they are manually deleted.
- Virtual machines are organized into their own branch in the Workload Security console, which lets you easily see which Azure instances are protected and which are not. Without the Azure account, all your virtual machines appear at the same root level under Computers.
Supported Azure regions
Currently Workload Security supports the Azure connector in the following
regions:
- Azure Global (both UI and API supported)
- Azure US Gov (API only)
It does not support Azure China.
Add virtual machines from a Microsoft Azure account to Workload Security
Add your Microsoft Azure account to Workload Security following the instructions
below.
Procedure
- Before you begin, create an Azure app for Workload Security.
- In the Workload Security console, go to .
- Enter a Display name, and then enter the following Azure
access information you recorded in step 1:
- Directory ID
- Subscription ID
- Application ID
Note
If you are upgrading from the Azure classic connector to the Azure Resource Manager connector, the Display name and the Subscription ID of the existing connector are used.
If you have multiple Azure subscriptions, specify only one in the Subscription ID field. You can add the rest later.
- Select the type of application credential that you want to use
(Password or Certificate) and then provide the
credential information:
- For Password:
- In the Application Password field, enter the client secret.
- For Certificate:
- Next to Certificate, click Choose File and upload the certificate.
- Next to Private Key, click Choose File and upload the private key.
- If the private key is protected by a password, enter it in Private Key Password (optional).
The certificate must be in X.509 PEM text format and must be within its validity period. Binary format is not supported.
- Click Next.
- Review the summary information, and then click Finish.
- Repeat this procedure for each Azure subscription, specifying a different Subscription ID each time.
The Azure virtual machines will appear in the Workload Security console under their own branch on the Computers page.
You can right-click your Azure account name and select Synchronize Now to see the latest set of Azure VMs.
You see all the virtual machines in the account. To only see certain virtual machines, use smart folders to limit your results. See Group computers dynamically with smart folders for more information.
If you have previously added virtual machines from this Azure account, they are moved under this account in the Computers tree.
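The credential step above requires a certificate in X.509 PEM text format that is within its validity period. As an added example (not part of the original documentation and not Trend Micro code), this standard-library Python check tests a file against those two requirements before upload; the function names are hypothetical, and it reads only the validity field without verifying signatures or the private key.

```python
# Added example, not vendor code: pre-upload certificate check; all names are hypothetical.
import base64, re, sys
from datetime import datetime, timezone

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def parse_time(tag, raw):                  # UTCTime (0x17) or GeneralizedTime (0x18)
    text = raw.decode("ascii")
    if tag == 0x17:                        # RFC 5280: YY >= 50 means 19YY, else 20YY
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity_window(der):
    """Walk Certificate -> tbsCertificate -> validity; return (notBefore, notAfter)."""
    _, pos, _ = read_tlv(der, read_tlv(der, 0)[1])   # enter Certificate, then tbsCertificate
    tag, start, end = read_tlv(der, pos)
    if tag == 0xA0:                        # optional [0] version before serialNumber
        tag, start, end = read_tlv(der, end)
    for _ in range(3):                     # advance: signature, issuer, validity
        tag, start, end = read_tlv(der, end)
    nb_tag, nb_start, nb_end = read_tlv(der, start)
    na_tag, na_start, na_end = read_tlv(der, nb_end)
    return parse_time(nb_tag, der[nb_start:nb_end]), parse_time(na_tag, der[na_start:na_end])

def check_upload_cert(data, now=None):
    """Return a list of problems; an empty list means both requirements are met."""
    now = now or datetime.now(timezone.utc)
    match = PEM_CERT.search(data)
    if not match:                          # a DER file starts with the SEQUENCE tag 0x30
        return ["binary DER, not PEM text" if data[:1] == b"\x30" else "no PEM certificate block"]
    try:
        not_before, not_after = validity_window(base64.b64decode(match.group(1)))
    except (IndexError, ValueError):
        return ["PEM block does not decode to a parseable X.509 certificate"]
    checks = ((now < not_before, f"not yet valid (notBefore {not_before:%Y-%m-%d})"),
              (now > not_after, f"expired (notAfter {not_after:%Y-%m-%d})"))
    return [message for failed, message in checks if failed]

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, check_upload_cert(open(path, "rb").read()) or "OK")
```

Run it with the certificate file path as the argument; any listed problem means the file does not meet the stated format or validity requirement.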
Manage Azure classic virtual machines with the Azure Resource Manager connector
You can also manage virtual machines that were added with the Azure classic
connector with the Azure Resource Manager connector, allowing you to manage both
your Azure classic and Azure Resource Manager virtual machines with a single
connector.
For more information, see Why should I upgrade to the new Azure Resource Manager connection
functionality?
Procedure
- On the Computers page, in the Computers tree, right-click the Azure classic portal and then click Properties.
- Click Enable Resource Manager connection.
- Click Next. Follow the corresponding procedure above.
Remove an Azure account
Removing an Azure account from the Workload Security console permanently removes
the account from Workload Security but it does not affect the Azure account.
Virtual machines with agents continue to be protected, but cannot receive
security updates. If you later import these virtual machines from the same Azure
account, the agents will download the latest security updates at the next
scheduled update.
Procedure
- Go to the Computers page, right-click on the Microsoft Azure account in the navigation panel, and select Remove Cloud Account.
- Confirm that you want to remove the account.
- The account is removed from the Workload Security console.
Synchronize an Azure account
When you synchronize an Azure account, Workload Security connects to the Azure
API to obtain and display the latest set of Azure VMs.
To force a synchronization immediately:
Procedure
- In the Workload Security console, click Computers.
- On the left, right-click your Azure account and select Synchronize Now.
There is also a background synchronization that occurs every 10 minutes, and this interval is not configurable. If you force a synchronization, the background synchronization is unaffected and continues to occur according to its original schedule.