The following page includes summary details on additional features around supported capabilities in InsightCloudSec that are specific to Microsoft Azure. For general information on support for all Cloud Service Providers, check out our Resources pages. As always, if you have any questions you can reach out to us through the Customer Support Portal.
Azure resource locking enables you to prevent other users in your organization from accidentally deleting or modifying critical resources by locking access. In InsightCloudSec, this capability applies to most supported top-level Azure resources. Note that in some scenarios InsightCloudSec represents certain resources as top-level even though they are not top-level within Azure (e.g., storage containers).
- InsightCloudSec supports Azure resource locking on every Azure resource we support with this capability.
- If you have specific questions on this capability or a supported Azure resource, reach out to us through the Customer Support Portal.
- A functional InsightCloudSec installation
- Appropriate Azure permissions for resources you want to modify
- Microsoft.Authorization/locks/read permission, required for harvesting the lock information from Azure
Enabling resource locking is only available through the Azure Console. Details about this are available here.
You can also disable or delete resource locking through the Azure console and through the InsightCloudSec UI. This capability is available in InsightCloudSec under the individual resource property, as shown below.
Details on a locked Resource can be viewed individually through resource properties for supported resources.
In addition, users can take advantage of the Resource Has Azure Lock filter to build Insights or Bots around this capability.
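To cross-check lock coverage outside the InsightCloudSec UI, the following added example (not InsightCloudSec code) works out which resources carry a direct or inherited Azure lock, given JSON in the shape that az lock list returns. The subscription ID, lock names and resource IDs are constructed samples, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape `az lock list --output json` returns
# (subscription ID, lock names and resources are made up for this example).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
LOCKS_JSON = json.dumps([
    {"id": SUB + "/resourceGroups/rg-prod/providers/Microsoft.Authorization/locks/no-delete",
     "level": "CanNotDelete", "name": "no-delete"},
    {"id": SUB + "/resourceGroups/rg-dev/providers/Microsoft.Storage/storageAccounts/devlogs"
           "/providers/Microsoft.Authorization/locks/freeze",
     "level": "ReadOnly", "name": "freeze"},
])
LOCKS = json.loads(LOCKS_JSON)
RESOURCES = [
    SUB + "/resourceGroups/rg-prod/providers/Microsoft.KeyVault/vaults/kv-prod",
    SUB + "/resourceGroups/rg-dev/providers/Microsoft.Storage/storageAccounts/devlogs",
    SUB + "/resourceGroups/rg-dev/providers/Microsoft.Storage/storageAccounts/devlogs2",
    SUB + "/resourceGroups/RG-PROD-2/providers/Microsoft.Compute/virtualMachines/vm1",
]

LOCK_SUFFIX = "/providers/microsoft.authorization/locks/"

def lock_scope(lock_id):
    """Scope a lock applies to: its ID with the trailing locks/<name> part removed."""
    lowered = lock_id.lower()
    return lowered[:lowered.rindex(LOCK_SUFFIX)]

def effective_locks(resource_id, locks):
    """Lock levels that apply to a resource, directly or inherited from a parent scope."""
    rid = resource_id.lower()  # Azure resource IDs compare case-insensitively
    levels = []
    for lock in locks:
        scope = lock_scope(lock["id"])
        # Match on a path-segment boundary so rg-prod does not cover rg-prod-2.
        if rid == scope or rid.startswith(scope + "/"):
            levels.append(lock["level"])
    return sorted(levels)

def unlocked(resources, locks):
    """Resources with no direct or inherited lock."""
    return [r for r in resources if not effective_locks(r, locks)]

if __name__ == "__main__":
    for r in RESOURCES:
        print(r.rsplit("/", 1)[-1], effective_locks(r, LOCKS) or "NO LOCK")
```

Reading the real lock list requires the same Microsoft.Authorization/locks/read permission listed in the prerequisites above.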
The Azure Least Privileged Access (LPA) feature within InsightCloudSec collects and presents the actions executed by a given user or role within a given time period. These logged actions are collected and analyzed to provide insights to the customer. Content for this feature is available in the following sections:
- Azure Least Privileged Access (LPA) - provides an overview of the feature designs and general details
- Azure LPA Setup - provides deployment and configuration instructions
- Azure LPA Usage - explains how to view and use the data collected within InsightCloudSec
There are two ways to grant the permissions required to harvest rotation policies for a Service Encryption Key in Azure: using role-based access control (RBAC) permissions, or creating an access policy within a key vault that can then be assigned to users, principals, and/or App Registrations. When using RBAC, the permission required is:
Key Vault vs. Customer-managed Key Rotation
Unlike customer-managed keys, any keys managed by a Key Vault won't return rotation policies.
However, if using an access policy on a specific key vault, the following LIST permission is required:
Updated 10 months ago