Views:

Learn which resources are deployed in your Azure environment for each Trend Vision One feature that you can enable on an Azure subscription.

Feature name
Services deployed (number)
Core features and Cyber Risk Exposure Management
Resources:
  • Azure Management Group (1): A dedicated Azure Management Group is automatically created during onboarding to organize the connected Azure subscriptions under a single hierarchy managed by Trend Vision One. This centralizes governance and visibility across onboarded subscriptions and allows Trend Vision One–managed resources and permissions to be scoped and controlled at scale.
  • Azure Storage Account (1): An Azure Storage Account is automatically provisioned by Trend Vision One during onboarding to serve as the backend storage for IaC-related artifacts created by Trend Vision One.
  • Azure Blob Container with Terraform state file (1): Within the automatically created Storage Account, a Blob Container containing a Terraform state file is created and managed by Trend Vision One to prevent conflicts or orphaned resources by keeping IaC state centralized and consistent.
  • App Registration (1)
  • Federated Credential (1)
  • Applications (1)
  • Role and Role Assignments of the Service Principal (1)
Agentless Vulnerability & Threat Detection
Resource Groups:
  • resource group (1 common)
  • resource group (3, one each for US/AS/EU)
IAM and Security:
  • custom role (1 for Sentry)
  • role assignment (32 per region)
Key Vault
  • key vault (1)
  • key vault access policy (1 for primary location, 2 per region)
  • key vault secret (2 for primary location)
Storage
  • storage account (1 per region)
  • storage container (3 per region)
  • storage blob (21 per region)
  • storage queue (8 per region)
  • storage table (1 per region)
  • storage share (2 per region)
  • storage management policy (1 per region)
Service Bus
  • servicebus namespace (1 per region)
  • servicebus queue (1 dispatcher for primary location, 3 per region)
App Services
  • service plan (1 dispatcher and 1 secret token rotator for primary location, 6 per region)
  • linux function app (1 dispatcher for primary location, 16 per region)
Virtual Machines
  • virtual machine (3 per region when disks are available for scanning)
Real-Time Posture Monitoring
Azure resources:
  • Resource Group (1)
  • Logic App Workflow (1)
  • Logic App HTTP Request Trigger (1)
  • Monitor Action Group (1)
  • Monitor Activity Log Alert (1)
Data Security Posture
Terraform resources:
  • azurerm_network_security_group
  • azurerm_network_security_rule
  • azurerm_resource_group
  • azurerm_automation_account
  • azurerm_role_assignment
  • azurerm_automation_webhook
  • azurerm_monitor_action_group
  • azurerm_automation_python3_package
  • azurerm_automation_runbook
  • azurerm_automation_job_schedule
  • azurerm_public_ip
  • azurerm_subnet
  • azurerm_subnet_network_security_group_association
  • azurerm_bastion_host
Microsoft Defender for Endpoint Log Collection
Azure resources:
  • Resource Groups (1)
  • Event Hubs Namespace (1)
  • Event Hubs (1)
  • App Service Plans (1)
  • Function Apps (6)
  • Application Insights (6)
  • Log Analytics Workspaces (1)
  • Key Vault (1)
  • Key Vault Secrets (3)
  • Storage Accounts (1)
  • Storage Tables (1)
  • Storage Containers (1)
  • Role Assignments (12)
  • Azure AD App Role Assignments (7)
Cloud Detections for Azure Activity Log
Azure resources:
  • Resource Groups (1)
  • Event Hubs Namespace (1)
  • Event Hubs (1)
  • App Service Plans (1)
  • Function Apps (3)
  • Application Insights (3)
  • Log Analytics Workspaces (1)
  • Key Vault (1)
  • Key Vault Secrets (2)
  • Storage Accounts (1)
  • Storage Tables (1)
  • Storage Queues (1)
  • Storage Containers (1)
  • Role Assignments (8)