# Azure

ASM supports Azure integrations to expand the functionality of various ASM capabilities. ASM is capable of identifying a range of exposures and cloud security vulnerabilities including:

Public domain and IP address exposures across multiple Azure services
Azure Storage accounts with weak security configurations such as use of Shared Key authorization or use of insecure, weak, or deprecated communication and encryption protocols
Azure Storage accounts with overly permissive network access policies
Azure Storage Containers and Blobs with overly permissive access policies

These and future Azure-focused ASM capabilities can be enabled by following the integration steps below.

# Create an app registration

Login to your Azure portal
Navigate to Azure Active Directory
Click App registrations
Add a new registration
1. Leave Accounts in this organizational directory only as the default
2. Leave Redirect URI empty
Click Register
Click "Overview" on the app registration you just created
Copy the Application (client) ID and Directory (tenant) IDs to your notepad

# Grant permissions

Search for and select "Subscriptions" or "Management Groups"
Select the subscription or management group you want to grant access for
Click Access Control (IAM)
Click Add > Add Role Assignment
Search for and select Reader
Click next
Leave Assign Access to as User, group, or service principal
Add the app registration as a member
Select Review + Assign
Repeat for all subscriptions you want integrated

# Generate a Secret

In the Azure portal, navigate to your created App Registration
Click certificates & secrets > New client secret
Set an expiration date suitable for your organization. You will be notified by Scanny when your secret is 1 week from expiration.
Copy the client secret value and expiration to your notepad

# Integrate with ASM

Navigate to the Cloud exposure dashboard and click the + button in the top right
Supply the information from your notepad saved from the previous steps and click add.