Granting minimal level of access for Azure Security Scans with AZSK

To carry out an Azure security assessment with the AZSK (Secure DevOps Kit for Azure) tool, the following Azure AD and IAM role assignments should be created.

  • Global Reader and Security Reader in Azure AD
  • Reader IAM RBAC Role in subscription scope

Below are the detailed instructions for creating the two above-mentioned accounts.

Instructions to Create an Account for AZSK Scans

1. Creating Account for Azure AD

    1. Navigate to Azure Active Directory >>> Users
    2. Create a new account or give permission to an existing account for Azure AD
    3. Select created/existing user and add assignment
    4. Assign Global Reader and Security Reader Roles

2. Granting Reader IAM role for subscriptions

  1. Select desired subscription
  2. Navigate to Access Control (IAM) Menu
  3. Select Add Role Assignment
  4. Select the Reader role, select the desired user and press Save
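
The same two sets of steps can be scripted. The PowerShell below is an added example, not part of the original post or of AZSK itself: it assigns the three roles only if they are missing and then reports anything the scan account holds beyond them. It assumes the Az and Microsoft.Graph PowerShell modules are installed; the account name and subscription ID are placeholders.

```powershell
# Added example: scripted equivalent of the portal steps, plus a least-privilege check.
# Assumptions: Az and Microsoft.Graph modules installed; values below are placeholders.
$Upn            = 'azsk-scanner@contoso.example'           # hypothetical scan account
$SubscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder subscription ID
$DirectoryRoles = 'Global Reader', 'Security Reader'
$Scope          = "/subscriptions/$SubscriptionId"

Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'User.Read.All' | Out-Null
Connect-AzAccount -Subscription $SubscriptionId | Out-Null

$user = Get-MgUser -UserId $Upn

# Part 1: Azure AD directory roles, tenant-wide scope ('/'). Skip roles already held.
$held = Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" -All
foreach ($name in $DirectoryRoles) {
    $def = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$name'"
    if ($held.RoleDefinitionId -notcontains $def.Id) {
        New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $user.Id `
            -RoleDefinitionId $def.Id -DirectoryScopeId '/' | Out-Null
    }
}

# Part 2: Reader RBAC role at subscription scope.
if (-not (Get-AzRoleAssignment -ObjectId $user.Id -RoleDefinitionName 'Reader' -Scope $Scope)) {
    New-AzRoleAssignment -ObjectId $user.Id -RoleDefinitionName 'Reader' -Scope $Scope | Out-Null
}

# Least-privilege check: list direct assignments other than the three expected ones.
# Roles inherited through group membership are not covered by this check.
$extraDirectory = Get-MgRoleManagementDirectoryRoleAssignment `
        -Filter "principalId eq '$($user.Id)'" -All |
    ForEach-Object {
        (Get-MgRoleManagementDirectoryRoleDefinition `
            -UnifiedRoleDefinitionId $_.RoleDefinitionId).DisplayName
    } |
    Where-Object { $_ -notin $DirectoryRoles }

$extraRbac = Get-AzRoleAssignment -ObjectId $user.Id |
    Where-Object { $_.RoleDefinitionName -ne 'Reader' -or $_.Scope -ne $Scope }

if ($extraDirectory -or $extraRbac) {
    Write-Warning "Scan account holds more than the minimal roles:"
    $extraDirectory | ForEach-Object { "  Azure AD role: $_" }
    $extraRbac      | ForEach-Object { "  RBAC: $($_.RoleDefinitionName) at $($_.Scope)" }
} else {
    "Scan account holds only Global Reader, Security Reader and subscription Reader."
}
```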
