Views:

Learn which resources are deployed in your Azure environment for each TrendAI Vision One™ feature that you can enable on an Azure subscription.

Note
Note
The resources listed here are deployed when connecting or updating a single Azure subscription. To view the resources deployed when connecting an Azure Management Group, see Resources deployed for Azure management groups.

Resources deployed when connecting Azure subscriptions

Feature name
Services deployed (number)
Core features and Cyber Risk Exposure Management
Resources:
  • Azure Management Group (1): A dedicated Azure Management Group is automatically created during onboarding to organize the connected Azure subscriptions under a single hierarchy managed by TrendAI Vision One™. This centralizes governance and visibility across onboarded subscriptions and allows TrendAI Vision One™–managed resources and permissions to be scoped and controlled at scale.
  • Azure Storage Account (1): An Azure Storage Account is automatically provisioned by TrendAI Vision One™ during onboarding to serve as the backend storage for IaC-related artifacts created by TrendAI Vision One™.
  • Azure Blob Container with Terraform state file (1): Within the automatically created Storage Account, a Blob Container containing a Terraform state file is created and managed by TrendAI Vision One™ to prevent conflicts or orphaned resources by keeping IaC state centralized and consistent.
  • App Registration (1)
  • Federated Credential (1)
  • Applications (1)
  • Role and Role Assignments of the Service Principal (1)
Agentless Vulnerability & Threat Detection
Resource Groups:
  • resource group (1 common)
  • resource group (3, one each for US/AS/EU)
IAM and Security:
  • custom role (1 for Sentry)
  • role assignment (32 per region)
Key Vault
  • key vault (1)
  • key vault access policy (1 for primary location, 2 per region)
  • key vault secret (2 for primary location)
Storage
  • storage account (1 per region)
  • storage container (3 per region)
  • storage blob (21 per region)
  • storage queue (8 per region)
  • storage table (1 per region)
  • storage share (2 per region)
  • storage management policy (1 per region)
Service Bus
  • servicebus namespace (1 per region)
  • servicebus queue (1 dispatcher for primary location, 3 per region)
App Services
  • service plan (1 dispatcher and 1 secret token rotator for primary location, 6 per region)
  • linux function app (1 dispatcher for primary location, 16 per region)
Virtual Machines
  • virtual machine (3 per region when disks are available for scanning)
Real-Time Posture Monitoring
Azure resources:
  • Resource Group (1)
  • Logic App Workflow (1)
  • Logic App HTTP Request Trigger (1)
  • Monitor Action Group (1)
  • Monitor Activity Log Alert (1)
Data Security Posture
Phase: Deployment
Automation:
  • azurerm_automation_account (1)
  • azurerm_automation_webhook (2)
  • azurerm_automation_credential (1)
  • azurerm_automation_runbook (6)
  • azurerm_automation_python3_package (3)
  • azurerm_automation_schedule (3)
  • azurerm_automation_job_schedule (3)
Compute (Bastion):
  • azurerm_bastion_host (1)
Identity:
  • azurerm_user_assigned_identity (2)
Key Vault:
  • azurerm_key_vault (1)
  • azurerm_key_vault_secret (2)
  • azurerm_key_vault_access_policy (1)
Monitoring:
  • azurerm_monitor_action_group (2)
  • azurerm_monitor_activity_log_alert (1)
Networking:
  • azurerm_virtual_network (1)
  • azurerm_subnet (2)
  • azurerm_network_security_group (2)
  • azurerm_network_security_rule (12)
  • azurerm_public_ip (1)
Resource Group:
  • azurerm_resource_group (1)
IAM (RBAC):
  • azurerm_role_assignment (19)
Service Bus:
  • azurerm_servicebus_namespace (1)
  • azurerm_servicebus_queue (1)
Storage:
  • azurerm_storage_account (1)
  • azurerm_storage_container (1)
Compute:
  • azurerm_managed_disk (1)
Phase: Runtime
The following resources are created dynamically by automation runbooks:
  • Virtual Machines (dynamic)
  • Managed Disks (dynamic)
  • Network Interfaces (dynamic)
  • Metric Alerts (dynamic)
  • Event Grid Subscriptions (dynamic)
  • Blob Storage Containers (dynamic)
  • Key Vault Secrets (dynamic)
Microsoft Defender for Endpoint Log Collection
Azure resources:
  • Resource Groups (1)
  • Event Hubs Namespace (1)
  • Event Hubs (1)
  • App Service Plans (1)
  • Function Apps (6)
  • Application Insights (6)
  • Log Analytics Workspaces (1)
  • Key Vault (1)
  • Key Vault Secrets (3)
  • Storage Accounts (1)
  • Storage Tables (1)
  • Storage Containers (1)
  • Role Assignments (12)
  • Azure AD App Role Assignments (7)
Cloud Detections for Azure Activity Log
Azure resources:
  • Resource Groups (1)
  • Event Hubs Namespace (1)
  • Event Hubs (1)
  • App Service Plans (1)
  • Function Apps (3)
  • Application Insights (3)
  • Log Analytics Workspaces (1)
  • Key Vault (1)
  • Key Vault Secrets (2)
  • Storage Accounts (1)
  • Storage Tables (1)
  • Storage Queues (1)
  • Storage Containers (1)
  • Role Assignments (8)