Connect Azure to Microsoft Cloud App Security

This section provides instructions for connecting Cloud App Security to your existing Azure account using the app connector API.

Setting up Azure for connection to Cloud App Security

Cloud App Security connects to Azure via Event Hubs. This section provides instructions for streaming all your Activity Logs to a single Event Hub in your subscription.

Step 1: Stream your Azure activity logs to Event Hubs

  1. Stream the Azure Activity Log of your Azure subscription to an Event Hub. Follow the official guide in the Azure documentation: https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitoring-stream-activity-logs-event-hubs

    Note

    If you have more than one Azure subscription, repeat this step for each subscription using a single Event Hub, shared across your subscriptions.

    After completing the instructions, a new Event Hub will be created in the Namespace you chose.

    Note

    If you get an error after trying to export the Activity Logs, go to Resource providers on the left menu in Azure and make sure that ‘microsoft.insights’ is registered.

Step 2: Get a connection string to your Event Hub

  1. Go to Event Hubs - Preview on the left menu.

  2. Select your Event Hub Namespace.

  3. In the menu, under Entities, click on Event Hubs.

  4. Select the new Event Hub created by Azure Monitor. It is named insights-operational-logs.

    Note

    It may take a few minutes until the Event Hub is created.

  5. Create a new access policy that gives Cloud App Security permission to read from the Event Hub: click Shared access policies and then click Add.

  6. Enter a name for the new policy, and make sure to include at least the Listen claim. When done, click Create.

  7. Under Settings and then Shared access policies, click on the access policy you created.

  8. In the Policy window, copy one of the connection strings by clicking on the button next to Connection string - Primary Key or Connection string - Secondary Key.
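A check you can run on the copied connection string before handing it to another service, added here as an example and not part of the original Microsoft instructions. It flags a string taken from the namespace root policy or one that is not scoped to the insights-operational-logs Event Hub; the sample namespace, policy name and keys are constructed.

```python
# Added example: sanity-check an Event Hub connection string before sharing it.
EXPECTED_HUB = "insights-operational-logs"   # Event Hub name from Step 2, item 4
ROOT_POLICY = "RootManageSharedAccessKey"    # default namespace policy: Manage, Send, Listen


def parse_connection_string(conn):
    """Split 'Key=Value;Key=Value' pairs; values (base64 keys) may contain '='."""
    fields = {}
    for part in filter(None, conn.strip().split(";")):
        key, sep, value = part.partition("=")
        if not sep or not value:
            raise ValueError("malformed segment: %r" % key)
        fields[key.strip()] = value.strip()
    return fields


def review_connection_string(conn):
    """Return a list of findings; an empty list means no issue was detected."""
    findings = []
    try:
        fields = parse_connection_string(conn)
    except ValueError as exc:
        return [str(exc)]
    for required in ("Endpoint", "SharedAccessKeyName", "SharedAccessKey"):
        if required not in fields:
            findings.append("missing field: " + required)
    endpoint = fields.get("Endpoint", "")
    if endpoint and not endpoint.startswith("sb://"):
        findings.append("Endpoint is not an sb:// Service Bus address")
    if fields.get("SharedAccessKeyName") == ROOT_POLICY:
        findings.append("uses the namespace root policy; create a Listen-only policy")
    entity = fields.get("EntityPath")
    if entity is None:
        findings.append("no EntityPath: namespace-level policy, not scoped to one Event Hub")
    elif entity != EXPECTED_HUB:
        findings.append("EntityPath is %r, expected %r" % (entity, EXPECTED_HUB))
    return findings


# Constructed sample strings (namespace, policy name and keys are made up).
GOOD = ("Endpoint=sb://contoso-ns.servicebus.windows.net/;SharedAccessKeyName=mcas-listen;"
        "SharedAccessKey=Q09OU1RSVUNURUQta2V5LW5vdC1yZWFs=;EntityPath=insights-operational-logs")
BROAD = ("Endpoint=sb://contoso-ns.servicebus.windows.net/;"
         "SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=Q09OU1RSVUNURUQ=")

if __name__ == "__main__":
    for name, conn in (("GOOD", GOOD), ("BROAD", BROAD)):
        print(name, review_connection_string(conn) or "ok")
```

The connection string does not encode the policy's claims, so confirm in the Shared access policies blade that only Listen is selected.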

Step 3: Add Azure to Cloud App Security

  1. In the Cloud App Security portal, click Investigate and then Connected apps.

  2. In the App connectors page, click the plus sign button and select Microsoft Azure.

  3. In the Connection string field, paste the connection string you copied in the previous step.

  4. In the Consumer group field, type: $Default

    Note

    If you created a different consumer group to be used, use that Consumer group name.

  5. Click Connect to connect and test the connection. It may take a couple of minutes. After receiving a success notice, click Close.

Note

This feature is in private preview.

See Also

Control cloud apps with policies
For technical support, visit the Cloud App Security assisted support page.
Premier customers can also choose Cloud App Security directly from the Premier Portal.