Runecast Analyzer: Connecting to Clouds - Microsoft Azure

One of the joys of working for a startup is that you get to see ideas grow from a lightbulb moment, all the way to a delivered feature. When I joined Runecast, a little over a year ago, they were still pretty heavily focussed in the VMware space. That functionality is still there, and continues to grow, but something I'm really happy to see happen is the broadening of the portfolio to include other tech. Sure, AWS functionality was launched in late 2019, but there's been a lot of growth there (for instance: Runecast Analyzer can now be deployed natively to AWS from the AWS Marketplace - showing our commitment to cloud tech).

The most recent release shipped yesterday, adding support for Microsoft's popular Azure cloud service. There's a whole bunch of stuff covered, including best practices and CIS benchmarks for the likes of Azure AD, Subscriptions, Azure Functions, Azure VMs, Storage Accounts and a ton more. Instead of reeling off the full set, I'd like to point you to the website where Jason Mashak (our head of MarComms, whatever that is ;)) runs the whole shebang past you. I then take things a little more in-depth in the deep dive post.

Anyhoo, the whole idea behind this post was to help folks who might have just gotten their hands on the 5.0 codebase to connect up to their Azure instance. Let's get moving!

The first things we need to do are to update Runecast Analyzer to at least version 5.0, and log in to the Azure portal for our account. I figured you'd be good with both of those without needing instructions.

Next, we need to create an App in our Azure subscription. This is the object that identifies the account that will be used to connect from Analyzer to the Azure subscription (or subscriptions) in our account. Click App Registrations to kick off this process.

Select App Registration

Click New Registration

Create New Registration

Give the app a friendly name, then click Register

Enter a friendly name for the app

Copy the Application (client) ID and the Directory (tenant) ID - you'll need these later. At this point we've created the Azure object that will be used for the connection

Capture the Client and Tenant IDs

Click Certificates & Secrets. From here we will create the secret that will be used by the App to authenticate

Certificates & secrets

Click New Client Secret, then complete a description and select the validity period for the secret. Click Add

Add client secret

Copy the value of the secret and store it somewhere safe; you'll need it again later

Click API permissions. Here's where we will grant the minimum required privileges (in line with security best practices) for our RunecastAnalyzerApp to connect in

Select API Permissions

Add a permission

Add a permission

Select Microsoft Graph API

Microsoft Graph API

Select Application Permissions

Application Permissions

In the "Select Permissions" search box, type "Directory". Expand the Directory permissions, then check the box for Directory.Read.All. Click Add Permissions.

Add Directory.Read.All permission

We see from here that admin consent is required for this

Admin consent required

Let's grant admin consent. Highlight the Directory.Read.All permissions, then click the magic button!

Grant admin consent

Confirm that we want to grant consent

Confirm admin consent

That's the API permissions setup. Next, we need to apply the privileges to a subscription (you could easily scope this account for multiple subscriptions; I have only one in this case). Back on the Azure portal dashboard, browse to Subscriptions. Click here

Open Subscriptions
Select the subscription(s)

Click into the subscription in question, then click Access Control (IAM)

Browse to Access Control (IAM)

Click Add Role Assignments

Add Role Assignments

Select the Reader role

Select Reader role

Next, in the Select box, type the name of the App that we created back at the beginning

Click on the app name, then click Save. At this point, we've created the account, given it the relevant API access and applied this access to the subscription. Our next steps take place in the Runecast Analyzer interface

Click Settings

Click Settings, then browse down to Azure. Click Add Azure

Add Azure

Paste in the Tenant ID, Client ID and Client Secret that you created earlier, then hit Continue

Enter the credentials for the connection

Congratulations - you've connected Runecast Analyzer to your Azure subscription. Now get analyzing, and make stuff better!
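An added example, not part of the original post or of Runecast's own tooling: a Python check that the app registration ended up with only the access granted in the steps above (Directory.Read.All on Microsoft Graph, Reader on the subscription) and that its client secret is neither expired nor overly long-lived. The input is constructed sample data shaped like the JSON from `az ad app show` and `az role assignment list`; the function name `audit_app` and the 180-day secret threshold are assumptions.

```python
from datetime import datetime, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"        # Microsoft Graph
DIRECTORY_READ_ALL = "7ab1d382-f21e-4acd-a863-ba3e13f7da61"  # Directory.Read.All (application)

def audit_app(app, role_assignments, now, max_secret_days=180):
    """Return findings; an empty list means the app matches the walkthrough."""
    findings = []
    # API permissions: only Graph Directory.Read.All, type "Role" (application permission).
    for resource in app.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            if (resource["resourceAppId"], access["id"], access["type"]) != (
                    GRAPH_APP_ID, DIRECTORY_READ_ALL, "Role"):
                findings.append(f"unexpected API permission {access['id']} ({access['type']})")
    # Azure RBAC: Reader only, and never above subscription scope.
    for ra in role_assignments:
        if ra["roleDefinitionName"] != "Reader":
            findings.append(f"role {ra['roleDefinitionName']} exceeds Reader on {ra['scope']}")
        elif not ra["scope"].startswith("/subscriptions/"):
            findings.append(f"Reader granted above subscription scope: {ra['scope']}")
    # Client secrets: expired ones break the connection, long-lived ones widen exposure.
    for cred in app.get("passwordCredentials", []):
        # Sample timestamps have no fractional seconds; trim them first if your export does.
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        days_left = (end - now).days
        if days_left < 0:
            findings.append(f"secret '{cred['displayName']}' has expired")
        elif days_left > max_secret_days:
            findings.append(f"secret '{cred['displayName']}' valid for {days_left} more days")
    return findings

# Constructed sample data (not real tenant output); the second permission id is a placeholder.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_APP = {
    "displayName": "RunecastAnalyzerApp",
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": DIRECTORY_READ_ALL, "type": "Role"},
        {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"}]}],
    "passwordCredentials": [{"displayName": "runecast", "endDateTime": "2026-01-01T00:00:00Z"}],
}
SAMPLE_ROLES = [{"roleDefinitionName": "Reader", "scope": SUB},
                {"roleDefinitionName": "Contributor", "scope": SUB}]

if __name__ == "__main__":
    for finding in audit_app(SAMPLE_APP, SAMPLE_ROLES, datetime(2025, 1, 1, tzinfo=timezone.utc)):
        print("FINDING:", finding)
```
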

If a video makes things easier... I got your back :) See below