Audit Microsoft Azure in Tenable Nessus

Audit your Microsoft Azure environment to identify security misconfigurations and account setting vulnerabilities. By running these compliance audits, you ensure your cloud infrastructure adheres to industry standards and internal security policies.

For more information on the Microsoft Azure audit, see the Microsoft Azure Audit Compliance Reference in the Compliance Checks Reference.

Before you begin:

• Configure Azure as described in Configure Azure for a Compliance Audit.

• Ensure you have valid Microsoft Azure account credentials. No pre-authorization from Microsoft is required.

To Audit Microsoft Azure in Tenable Nessus:

1. Log in to your Tenable Nessus user interface

2. In the upper-right corner of the page, click Create a Scan.

   The Select a Scan Template page appears.

3. In the Compliance section, select the Audit Cloud Infrastructure template.

   The Audit Cloud Infrastructure page Settings tab appears.

4. In the Name box, type a descriptive name for the scan.

5. (Optional) In the Description box, enter information to describe your scan.
6. Click the Credentials tab.

7. In the Categories section, click Microsoft Azure.

   The Microsoft Azure options appear.

8. Click the Authentication Method drop-down menu to select your preferred authentication method: key, password, or certificate.

9. Configure the credentials for your selected authentication method.

   To configure key authentication:

   Option	Description	Required
   Tenant ID	The Tenant ID or Directory ID for your Azure environment.	Yes
   Application ID	The application ID (also known as client ID) for your registered application.	Yes
   Client Secret	The secret key for your registered application.	Yes
   Subscription IDs	List of subscription IDs to scan, separated by a comma. If this field is blank, all subscriptions are audited.	No

   To configure password authentication:

   Option	Description	Required
   Username	The username required to log in to Microsoft Azure.	Yes
   Password	The password associated with the username.	Yes
   Client ID	The application ID (also known as client ID) for your registered application.	Yes
   Subscription IDs	List of subscription IDs to scan, separated by a comma. If this field is blank, all subscriptions are audited.	No

   To configure certificate authentication:

   Option	Description	Required
   Tenant ID	The Tenant ID or Directory ID for your Azure environment.	Yes
   Application ID	The application ID (also known as client ID) for your registered application.	Yes
   Private Key	A PEM formatted 2048-bit RSA private key and certificate.	Yes
   Config File	Additional configuration parameters. Currently only applicable for SCuBA scans.	No
   Subscription IDs	List of subscription IDs to scan, separated by a comma. If this field is blank, all subscriptions are audited.	No

10. Click Compliance.

11. Click Microsoft Azure.

    Tenable offers pre-configured compliance checks and provides the ability to upload a custom Azure audit file.

    Note: For information on creating a custom audit, see the Microsoft Azure Audit Compliance Reference in the Nessus Compliance Checks Reference Guide.

12. Click each compliance check you want to add to the scan.

13. If you choose to add a custom audit file, click Add File and select the file to upload.

14. Click Save.

    The credential saves and the My Scans page appears.

Note: For additional information on configuring Tenable Nessus scans, refer to the Tenable Nessus User Guide.