Powered by

Azure

EASM supports Azure integrations to expand the functionality of various EASM capabilities. EASM is can identify a range of exposures and cloud security vulnerabilities including:

  • Public domain and IP address exposures across multiple Azure services

  • Azure Storage accounts with weak security configurations such as use of Shared Key authorization or use of insecure, weak, or deprecated communication and encryption protocols

  • Azure Storage accounts with overly permissive network access policies

  • Azure Storage Containers and Blobs with overly permissive access policies

Azure Audit Scanner

The Azure Audit Security Scanner runs in addition to our existing Azure integrations and performs in-depth security checks on your Tenant and Subscription accounts. When the scanner no longer detects a vulnerability, the associated finding is automatically marked as remediated.

To enable the Azure Audit Security Scanner, contact your client delivery manager after following the integration steps below.

The following services are audited:

Entra-ID (Tenant-level):

  • App Registrations
  • Service Principals
  • Groups
  • Privileged Identity Management (PIM)
  • Entra Roles
  • Authorization Policies
  • Guest Users

Azure Subscription Services:

  • API Management
  • App Configuration
  • Application Gateway
  • Automation Accounts
  • Virtual Machines
  • Container Instances
  • Container Registry (ACR)
  • Azure Kubernetes Service (AKS)
  • Cosmos DB
  • Key Vault
  • Logic Apps
  • Azure Monitor
  • Network Security Groups
  • PostgreSQL Flexible Server
  • Azure SQL
  • Storage Accounts
  • Synapse Analytics
  • App Services / Functions
  • Resource Groups
  • RBAC / IAM

These and future Azure-focused EASM capabilities can be enabled by following the integration steps below.

Create an app registration

  1. Login to your Azure portal.
  2. Navigate to Azure Active Directory.
  3. Select App registrations
  4. Add a new registration:
    1. Leave Accounts in this organizational directory only as the default
    2. Leave Redirect URI empty
  5. Select Register.
  6. Select "Overview" on the app registration you just created.
  7. Copy the Application (client) ID and Directory (tenant) IDs to your notepad.

Grant permissions

  1. Search for and select "Subscriptions" or "Management Groups".
  2. Select the subscription or management group you want to grant access for.
  3. Select Access Control (IAM).
  4. Select Add > Add Role Assignment.
  5. Search for and select Reader.
  6. Select next.
  7. Leave Assign Access to as User, group, or service principal.
  8. Add the app registration as a member.
  9. Select Review + Assign.
  10. Repeat for all subscriptions you want integrated.

Generate a Secret

  1. In the Azure portal, navigate to your created App Registration.

  2. Select certificates & secrets > New client secret.

  3. Set an expiration date suitable for your organization. You will be notified when your secret is 1 week from expiration.

  4. Copy the client secret value and expiration to your notepad.

Integrate with EASM

  1. Log into the NetSPI Platform.
  2. Select or hover EASM in the left navigation and select Assets to display the Assets page.
  3. Select Cloud Account from the Assets list on the left side of the page and then select the Add Cloud Account button.
  4. Supply the information from your notepad saved from the previous steps.
  5. Select Add.

© Copyright 2026. All rights reserved.