|
核心功能
|
-
Microsoft.ContainerService/managedClusters/listClusterUserCredential/action
-
Microsoft.ContainerService/managedClusters/read
-
Microsoft.Resources/subscriptions/resourceGroups/read
-
Microsoft.Authorization/roleAssignments/read
-
Microsoft.Authorization/roleDefinitions/read
-
*/read
|
這些權限是將連接器部署到雲端帳戶所需的。
|
|
Server & Workload Protection
|
訂閱權限:
-
Microsoft.Resources/subscriptions/read
-
Microsoft.Resources/subscriptions/resourceGroups/read
-
Microsoft.Resources/providers/read
-
Microsoft.Resources/resources/read
|
|
|
虛擬機器 (VM) 權限:
|
|
|
虛擬機器規模設定 (VMSS) 權限:
|
|
|
經典虛擬機 (VM) 權限:
|
|
|
網路權限:
-
Microsoft.Network/networkSecurityGroups/read
-
Microsoft.Network/networkInterfaces/read
-
Microsoft.Network/publicIPAddresses/read
-
Microsoft.Network/virtualNetworks/read
|
|
|
Azure 中繼資料 API 權限:
|
|
|
驗證和 IAM 權限:
-
Microsoft.Resources/deployments/read
-
Microsoft.Authorization/roleAssignments/read
-
Microsoft.Authorization/roleDefinitions/read
|
|
|
Cloud Security Posture
|
requiredResourceAccess:
|
|
|
requiredRoleAccess
-
resourceAppName: Microsoft App Configuration
角色操作:
- 名稱:
Microsoft.AppConfiguration/configurationStores/ListKeyValue/action
-
resourceAppName: Microsoft Network
角色操作:
-
resourceAppName: Microsoft Web
角色操作:
-
resourceAppName: Microsoft Key Vault
資料操作:
|
|
requiredTenantScopeRoleAccess
|
|
無代理弱點與安全威脅偵測
|
訂閱權限:
-
Microsoft.ContainerRegistry/registries/generateCredentials/action
-
Microsoft.ContainerRegistry/registries/read
-
Microsoft.ContainerRegistry/registries/pull/read
-
Microsoft.ContainerRegistry/registries/tokens/write
-
Microsoft.ContainerRegistry/registries/tokens/operationStatuses/read
-
Microsoft.ContainerRegistry/registries/scopeMaps/read
-
Microsoft.ContainerRegistry/registries/tokens/read
-
Microsoft.Compute/disks/read
-
Microsoft.Compute/virtualMachines//read
-
Microsoft.HybridCompute/machines//read
-
Microsoft.Authorization/roleAssignments/write
-
Microsoft.Authorization/roleAssignments/delete
-
Microsoft.Authorization/roleAssignments/read
-
Microsoft.Compute/locations/usages/read
-
Microsoft.Quota/quotas/read
|
|
|
趨勢科技套件群組權限
Azure 內建角色:貢獻者
-
NotActions:
-
Microsoft.Authorization/*/Delete
-
Microsoft.Authorization/*/Write
-
Microsoft.Authorization/elevateAccess/Action
-
Microsoft.Blueprint/blueprintAssignments/write
-
Microsoft.Blueprint/blueprintAssignments/delete
-
Microsoft.Compute/galleries/share/action
-
Microsoft.Purview/consents/write
-
Microsoft.Purview/consents/delete
-
Microsoft.Resources/deploymentStacks/manageDenySetting/action
-
Microsoft.Subscription/cancel/action
-
Microsoft.Subscription/enable/action
Azure 內建角色:AcrPull
Azure 內建角色:儲存 Blob 資料防護擁有者
-
Microsoft.Storage/storageAccounts/blobServices/containers/*
-
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action
-
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*
|
|
趨勢科技儲存 ID 權限
Azure 內建角色:儲存 Blob 資料防護讀取者
-
Microsoft.Storage/storageAccounts/blobServices/containers/read
-
Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action
-
Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read
|
|
Azure 活動記錄的雲端偵測
|
無
|
|
|
Microsoft Defender 端點日誌收集
|
|
|
