Update your Azure subscriptions imported from Server & Workload Protection.
Updating your Trend Cloud One Workload Security instance to Server & Workload Protection automatically imports any associated Azure
subscriptions into Cloud Accounts. However, the connection needs to be updated
before the Container Security features of Trend Vision One can start to protect the account. Updating a
legacy Azure subscription connection allows Trend Vision One to access your cloud service to provide security
and visibility into your cloud assets. Some Cloud Account features have limited
support for Azure regions. For more information, see Azure supported regions and
limitations.
NoteThe steps are valid for the AWS console as of March 2024.
|
Procedure
- Sign in to the Trend Vision One console.
- In a new tab in the same browser session, sign in to the Azure subscription you want to connect and access the Azure Cloud Shell.
- In the Trend Vision One console, go to .
- Click the name of the legacy connection subscription you want to update.
- In the Subscription Settings screen, click
Update Subscription.The Connect Azure Subscription screen appears.
- Verify the Subscription ID, Name, and Description or edit as needed.
- If you have more than one Server & Workload Protection
Manager instance, select the instance to associate with the connected
subscription.
Note
-
If you only have one Server & Workload Protection Manager instance, the subscription is automatically associated with that instance.
-
When updating a legacy connection, the subscription is disconnected from any other Server & Workload Protection instances.
-
- Click Download Azure Resource Creation
Script.
Note
If the button is not enabled, verify that you have specified a properly formatted subscription ID. - In Azure Cloud Shell, access the command line
interface.
Note
The Connect Azure Subscription screen in the Trend Vision One console provides a set of commands to help perform the following steps. To complete the connection process, you must copy each command provided in the screen to enable the Done button. While you can alter some of the parameters, Trend Micro recommends using the provided commands as is to prevent the deployment failing. - Create a new directory for the deployment folder and then
access the folder.Copy the command or type mkdir [directoryName] && cd [directoryName].
Note
The commands provided by Trend Vision One use your subscription ID as the directory name. While you can specify any directory name you want, you must ensure the folder has a unique name and that there are no other terraform files in the deployment folder. - Upload the resource creation script to your Azure Cloud
Shell.Azure Cloud Shell uploads the resource creation script to the root directory.
- Move the resource creation script to the deployment
folder.Copy the command or type mv ~/cloud-account-management-terraform.tf ./cloud-account-management-terraform.tf.
Important
The resource creation script must be the only terraform file in the directory. Having more than one terraform file in the folder interferes with deployment process and might cause the connection to fail. - Initiate Terraform and apply the resource creation
script.Copy the command or type terraform init && terraform apply.Azure Cloud Shell begins the terraform process to deploy Trend Vision One security resources.
- In the Trend Vision One console, in the Connect Azure Subscription
screen, click Done.
Note
If the Done button is not enabled, make sure you have copied the command line for each step on the screen.The update process might take a few moments to complete. You can refresh the Cloud Accounts scren to check the status of your updated legacy subscription.