Add a Microsoft Azure account to Deep Security

Once you've installed Deep Security Manager, you can add and protect Microsoft Azure virtual machines by connecting a Microsoft Azure account to the Deep Security Manager. Virtual machines appear on the Computers page, where you can manage them like any other computer.

Configure a proxy setting for the Azure account

You can configure the Deep Security Manager to use a proxy server to access resources in Azure accounts.

  1. Go to Administration > System Settings > Proxies.
  2. In the Proxy Server Use section, select your proxy from the Deep Security Manager (Cloud Accounts - HTTP Protocol Only) list.

Add virtual machines from a Microsoft Azure account to Deep Security

You can add virtual machines to the Deep Security Manager using either the Quick or Advanced method. The Quick method requires an Azure account that has been assigned the Global Administrator role for the Azure Active Directory and the Subscription Owner role for the Azure subscription to access your Azure resources. The Advanced method involves creating an Azure app for the Deep Security Manager that provides read-only access to Azure resources.

  1. On the Computers page, click Add > Add Azure Account.
  2. Select either the Quick method or the Advanced method, and then click Next. Follow the corresponding procedure below:

Quick

Trend Micro recommends creating a dedicated Azure account for adding Azure resources into the Deep Security Manager. This allows you to change the user rights of the dedicated account independently of Azure accounts used to access and manage Azure resources.

  1. Enter your Azure portal account credentials and click Sign in.
    The account must have been assigned the Global Administrator role for the Azure Active Directory and the Subscription Owner role for the Azure subscription. These privileges are required for Deep Security to automate the provisioning of a Service Principal object in the Azure Active Directory. Deep Security uses the Service Principal object to authenticate itself to your Azure subscription so that it can invoke the necessary Azure APIs to synchronize your Azure virtual machines in the Deep Security Manager console. For information on creating a user with a Global Administrator role, see Microsoft's Add new users or users with Microsoft accounts to Azure Active Directory article.
  2. On the Deep Security Azure Connector permissions page, click Accept.
  3. Select the Azure Active Directory and Subscription Name, and then click Next.
  4. Review the summary information, and then click Finish.

If you have previously added virtual machines from this Azure account, they will be moved under this account in the Computers tree.

Advanced

  1. Log in to the Azure portal.
  2. Follow the procedures in Create an Azure app for Deep Security to create a new Azure app for the Deep Security Manager.
  3. Enter a Display name, and then enter the following Azure access information you recorded in step 2:
    • Active Directory ID
    • Subscription ID
    • Application ID
    • Application Password

    If you are upgrading from the Azure classic connector to the Azure Resource Manager connector, the Display name and the Subscription ID of the existing connector will be used.

  4. Click Next.
  5. Review the summary information, and then click Finish.

The Azure virtual machines will appear in the Deep Security Manager under their own branch on the Computers page.

You will see all the virtual machines in the account. If you'd like to only see certain virtual machines, use smart folders to limit your results. See Group computers dynamically with smart folders for more information.

If you have previously added virtual machines from this Azure account, they will be moved under this account in the Computers tree.
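
A least-privilege check for the app created in the Advanced method, added here as an example and not taken from Trend Micro's documentation: it reads role assignments in the JSON shape returned by `az role assignment list` and reports anything the connector's service principal holds beyond read-only access at the subscription. It assumes the built-in Reader role is the read-only role in use; the function name, the GUIDs and the sample records are constructed.

```python
import json

# Assumption: the built-in "Reader" role is the read-only role given to the app.
READ_ONLY_ROLES = {"Reader"}

def audit_connector(assignments, principal_id, subscription_id):
    """Return findings for the connector service principal's role assignments."""
    sub_scope = f"/subscriptions/{subscription_id}".lower()
    findings, has_read = [], False
    for a in assignments:
        if a.get("principalId", "").lower() != principal_id.lower():
            continue  # assignment belongs to a different principal
        role = a.get("roleDefinitionName", "")
        scope = a.get("scope", "").lower().rstrip("/")
        inside = scope == sub_scope or scope.startswith(sub_scope + "/")
        if role not in READ_ONLY_ROLES:
            findings.append(f"role '{role}' is outside the read-only allow-list "
                            f"(scope {scope or '/'})")
        elif not inside:
            findings.append(f"'{role}' granted outside the subscription ({scope or '/'})")
        elif scope == sub_scope:
            has_read = True  # read-only access covering the whole subscription
    if not has_read:
        findings.append("no read-only role at subscription scope")
    return findings

# Constructed sample in the shape of `az role assignment list --all -o json`.
SP = "00000000-0000-0000-0000-0000000000aa"   # placeholder object ID
SUB = "11111111-1111-1111-1111-111111111111"  # placeholder subscription ID
SAMPLE = json.loads(f"""[
  {{"principalId": "{SP}", "roleDefinitionName": "Reader",
    "scope": "/subscriptions/{SUB}"}},
  {{"principalId": "{SP}", "roleDefinitionName": "Owner",
    "scope": "/subscriptions/{SUB}"}},
  {{"principalId": "{SP}", "roleDefinitionName": "Reader", "scope": "/"}},
  {{"principalId": "22222222-2222-2222-2222-222222222222",
    "roleDefinitionName": "Contributor", "scope": "/subscriptions/{SUB}"}}
]""")

if __name__ == "__main__":
    for finding in audit_connector(SAMPLE, SP, SUB):
        print("FINDING:", finding)
```

An empty result means the service principal holds only the read-only role, scoped to the subscription the connector synchronizes.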

Manage Azure classic virtual machines with the Azure Resource Manager connector

You can also use the Azure Resource Manager connector to manage virtual machines that were added with the Azure classic connector, so that a single connector manages both your Azure classic and Azure Resource Manager virtual machines.

For more information, see Why should I upgrade to the new Azure Resource Manager connection functionality?

  1. On the Computers page, in the Computers tree, right-click the Azure classic portal and then click Properties.
  2. Click Enable Resource Manager connection.
  3. Select either the Quick method or the Advanced method, and then click Next. Follow the corresponding procedure above.

Remove an Azure account

Removing an Azure account from the Deep Security Manager will permanently remove the account from the Deep Security database. This will not affect the Azure account. Virtual machines with Deep Security agents will continue to be protected, but will not receive security updates. If you later import these virtual machines from the same Azure account, the Deep Security agents will download the latest security updates at the next scheduled update.

  1. Go to the Computers page, right-click on the Microsoft Azure account in the navigation panel, and select Remove Cloud Account.
  2. Confirm that you want to remove the account.
  3. The account is removed from the Deep Security Manager.