Lucidum uses the Microsoft Azure connector to retrieve data from:

  • Microsoft Azure instances

  • Azure Active Directory instances

Microsoft Azure is a cloud computing service created by Microsoft for building, testing, deploying, and managing applications and services through a global network of Microsoft-managed data centers.

Microsoft Azure Active Directory (Azure AD) is Microsoft's multi-tenant, cloud-based directory and identity management service.

Requirements

To use the Azure Connector in Lucidum:

  1. Before configuring the Microsoft Azure connector in Lucidum, you must create a read-only application in Azure that allows Lucidum to retrieve information from Azure and Azure Active Directory.

  2. You can then configure the Microsoft Azure connector in Lucidum and start retrieving data from Microsoft Azure and Azure Active Directory.

Prerequisite: Creating an Azure Application

  1. Log in to the Azure Portal (https://portal.azure.com/) with an Azure AD global administrator account.

    NOTE: Do not log in with the Application Administrator account. This Application Administrator account does not have the required privileges.

  2. Select Azure Active Directory.

  3. If you have more than one directory, make sure you are logged in to the directory you want to access with Lucidum.

  4. If you want to change directories, click on the top-right account icon and then click Switch Directory.

  5. In the left menu, select App registrations. In the main pane, click New registration. The Register an application page appears.

  6. In the Register an application page, enter values in these fields:

    • Name. Enter Lucidum.

    • Supported account types. Select Accounts in this organizational directory only.

  7. Click Register.

  8. After you have created the application, the Azure portal displays the Application (client) ID and Directory (tenant) ID. Copy and save these values. You will need these values later to configure the Microsoft Azure connector in Lucidum.

  9. In the left menu, click Certificates & Secrets. In the main pane, click New Client Secret. The Add a client secret pane appears on the right.

  10. Supply values in the Add a client secret pane:

    • Description. Provide a description of the secret.

    • Expires. Select 24 months.

    • Click Add.

  11. Copy and save the secret value and the secret ID. You will need these values later to configure the Microsoft Azure connector in Lucidum.

  12. In the left menu, click API Permissions. In the main pane, click Add a permission. In the right pane, select Microsoft Graph.

  13. Click Application permissions. The Request API Permissions pane appears.

  14. In the Request API permission pane, select:

    • User > User.Read.All

    • Directory > Directory.Read.All

  15. If you want to monitor audit log information, including whether a user used MFA in the last sign-in, you can add AuditLog > AuditLog.Read.All.

  16. If you want to monitor authentication methods, you can add UserAuthenticationMethod > UserAuthenticationMethod.Read.All.

  17. Click Add permissions.

  18. In the main pane, click Grant admin consent for {your-domain} and then click Yes.

  19. In the search box at the top bar of the panel, search for Subscriptions. Click Subscriptions.

  20. In the Subscriptions page, copy and save the value of the Subscription ID. You will need this value later to configure the Microsoft Azure connector in Lucidum.

  21. In the main pane, click Add and select Add role assignment. The Add role assignment pane appears.

  22. In the Add role assignment pane, select:

    • Role. Select Reader.

    • Assign Access to. Select User, group, or service principal.

    • Select. Select the Lucidum application.

  23. Click Save. Azure displays the application and its role assignments.

  24. You can now use the settings for the Lucidum application to configure the Microsoft Azure connector in Lucidum.

Configuring the Microsoft Azure Connector

To configure Lucidum to retrieve data from Azure and Azure AD:

  1. Log in to Lucidum.

  2. In the left pane, select Connector.

  3. In the Connector page, select Add Connector.

  4. Scroll until you find the Connector for Microsoft Azure. Click Connect. The Settings page appears.

  5. In the Settings page, enter the following:

    • Client ID. Enter the Client ID for the Lucidum application in Azure Active Directory. Client ID is the unique identifier for the Lucidum application in Azure Active Directory. Client ID is also called Application ID. You captured this value in step #8 in the section above.

    • Client Secret. Enter the Client Secret ID for the Lucidum application in Azure Active Directory. You captured this value in step #11 in the section above.

    • Tenant ID. Enter the tenant ID. Tenant ID is a unique identifier for your instance of Azure Active Directory. You captured this value in step #8 in the section above.

    • Subscription ID. This is an optional parameter. You captured this value in step #20 in the section above. If you specify a value in this field, Lucidum will fetch data only from the specified subscription. The default behavior is for Lucidum to fetch data from all subscriptions associated with the specified Tenant ID.

    • Azure AD API Version. This is an optional parameter. Specify the version of the Azure AD API you are using with your Azure AD instance.

  6. To test the configuration, click Test.

    • If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.

    • If the connector is not configured correctly, Lucidum displays an error message.
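The Azure application created above and the connector settings entered here come together in one client-credentials token request; the check below, an added example that is not Lucidum's or Microsoft's code, builds that request and compares the granted Graph application permissions in the resulting token's roles claim against the read-only set this guide asks for. The token used for the offline run is a constructed, unsigned sample; the function and variable names are assumptions.

```python
"""Added example: verify that the Lucidum app registration holds only the
read-only Graph application permissions this guide prescribes."""
import base64
import json
from urllib.parse import urlencode

# Permissions from steps 14-16 of the app-creation procedure.
REQUIRED = {"User.Read.All", "Directory.Read.All"}
OPTIONAL = {"AuditLog.Read.All", "UserAuthenticationMethod.Read.All"}


def token_request(tenant_id: str, client_id: str, client_secret: str) -> tuple:
    """Return (URL, form body) for the Azure AD v2.0 client-credentials flow.
    client_secret is the secret VALUE copied in step 11; the secret ID shown in
    the portal is only a reference label and cannot authenticate."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
        "grant_type": "client_credentials",
    })
    return url, body


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload without verifying it (inspection only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)          # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_roles(token: str) -> dict:
    """Compare the token's 'roles' claim (granted app permissions) with the guide.
    Anything under 'excess' exceeds least privilege and should be removed."""
    roles = set(jwt_claims(token).get("roles", []))
    return {
        "missing": sorted(REQUIRED - roles),
        "optional_granted": sorted(OPTIONAL & roles),
        "excess": sorted(roles - REQUIRED - OPTIONAL),
    }


def make_sample_token(roles: list) -> str:
    """Constructed, unsigned sample token (alg=none) for offline demonstration."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc({'aud': 'https://graph.microsoft.com', 'roles': roles})}."


if __name__ == "__main__":
    sample = make_sample_token(["User.Read.All", "AuditLog.Read.All", "User.ReadWrite.All"])
    print(check_roles(sample))
```

In a real run, POST the body returned by token_request to its URL and pass the access_token from the JSON response to check_roles; an "excess" entry such as a ReadWrite permission means the registration grants more than the Reader-style access the connector needs.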