Add a Microsoft Azure cloud account to Deep Security
This article does not apply to the Manager VM for Azure Marketplace. For that version, see Protect Microsoft Azure Virtual Machines with Deep Security Manager.
If you want to protect your Microsoft Azure Virtual Machines with Deep Security, you can connect your Microsoft Azure account to Deep Security. Once the connection is established, your Virtual Machines appear on the Computers page in Deep Security Manager, where you can manage them like any other computer.
(Optional) Configure proxy setting for cloud accounts
Does not apply to Deep Security as a Service
You can configure Deep Security Manager to use a proxy server specifically for connecting to instances being protected in cloud accounts. Go to Administration > System Settings > Proxies. In the Proxy Server Use section, select Deep Security Manager (Cloud Accounts - HTTP Protocol Only).
Add Virtual Machines from a Microsoft Azure cloud account to Deep Security
To import cloud resources into Deep Security Manager, Deep Security users must first have an account with which to access the cloud provider service resources. For each Deep Security user who will import a cloud account into the Deep Security Manager, Trend Micro recommends creating a dedicated account for that Deep Security Manager to access the cloud resources. That is, users should have one account to access and control the virtual machines themselves, and a separate account for their Deep Security Manager to connect to those resources.
If you have already added Azure VMs that are part of this Azure account, they will be moved in the tree structure to appear under this account.
- On the Computers page, click Add > Add Azure Account.
- Enter the account credentials used to log into the Azure portal and click Sign in.
The account must be both the owner and the global administrator of the default Azure Active Directory. For instructions on creating a user with global administrator rights, see Microsoft's Add new users or users with Microsoft accounts to Azure Active Directory article.
- Click Accept on the Deep Security Connector permissions page.
- Select the Azure Active Directory and Subscription Name and click Next.
- Review the summary information and click Finish.
The Azure virtual machines now appear in the Deep Security Manager under their own branch on the Computers page.
Upgrade from the Azure classic connector to the Azure Resource Manager connector
If Deep Security Manager currently manages virtual machines that used to be classic VMs but were later migrated to the Azure Resource Manager, you can also upgrade them to the Azure Resource Manager interface in Deep Security Manager.
For more information, see Why should I upgrade to the new Azure Resource Manager connection functionality?
- On the Computers page, in the Computers tree, right-click the Azure classic portal and click Properties.
- Click Enable Resource Manager connection.
- Sign in to your Azure account.
The account must be the global administrator of the default Azure Active Directory. For instructions on creating a user with global administrator rights, see Microsoft's Add new users or users with Microsoft accounts to Azure Active Directory article.
- Click Accept on the Deep Security Azure Connector permissions page.
- You will see a message saying that the connection to Resource Manager was enabled successfully. Click Close.
Remove a Microsoft Azure account
Removing a Microsoft Azure account from Deep Security Manager permanently removes the account from the Deep Security database. Your account with your cloud provider is unaffected and any Deep Security agents that were installed on the instances will still be installed, running, and providing protection (although they will no longer receive security updates.) If you decide to re-import computers from the Microsoft Azure account, the Deep Security Agents will download the latest Security Updates at the next scheduled opportunity.
- Go to the Computers page, right-click on the Microsoft Azure account in the navigation panel, and select Remove Cloud Account.
- Confirm that you want to remove the account.
- The account is removed from the Deep Security Manager.