SecHard
Adding an Azure resource to SecHard
You can follow this guide to add Azure subscriptions into SecHard for security hardening and auditing using the minimum necessary permissions.
Phase 1: Azure Portal Configuration (App Registration)
SecHard connects to Azure via a Service Principal.
Sign in to the Azure Portal and navigate to Microsoft Entra ID (formerly Azure AD).
Go to App registrations in the left-hand menu and click + New registration.
Name the Application: e.g., SecHard-Azure-Audit.
Supported account types: Select "Accounts in this organizational directory only (Single tenant)".
Click Register.
Note the Credentials: On the Overview page, copy and save the following: Application (client) ID and Directory (tenant) ID.
Create a Client Secret: Go to Certificates & secrets > Client secrets > + New client secret. Add a description and set an expiration.
Copy the Value of the secret immediately. You will not be able to see it again.
Phase 2: Assigning Least Privilege Roles
To comply with security best practices, we will assign only Read-Only roles to the application. This allows SecHard to audit settings without having permission to change or delete your resources.
Search for Subscriptions in the top search bar and select the subscription you want to add.
Click on Access control (IAM) in the left sidebar.
Click + Add > Add role assignment.
Assign the following two roles (repeat the process for each):
Reader: Allows SecHard to see the configuration of all resources.
Security Reader: Allows SecHard to read security policies and security states (essential for hardening audits).
On the Members tab, click + Select members and search for the name of the application you created in Phase 1 (e.g., SecHard-Azure-Audit).
Click Review + assign.
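A check for the Phase 2 outcome, added here as an example (not SecHard's or Microsoft's code): it reads the application's role assignments as JSON and reports anything other than Reader and Security Reader at the subscription scope. The sample input is constructed, shaped like the output of `az role assignment list --assignee <client-id> --all -o json`, and the subscription ID is a placeholder.

```python
import json

# Roles this guide assigns in Phase 2; anything else goes beyond the read-only intent.
ALLOWED_ROLES = {"Reader", "Security Reader"}


def audit_assignments(assignments, subscription_id):
    """Return findings (in input order, then missing roles) for one service principal."""
    expected_scope = f"/subscriptions/{subscription_id}".lower()
    findings = []
    seen = set()
    for a in assignments:
        role = a.get("roleDefinitionName", "")
        # Normalise case and trailing slash; keep "/" for the tenant root scope.
        scope = (a.get("scope") or "").lower().rstrip("/") or "/"
        if role not in ALLOWED_ROLES:
            findings.append(f"unexpected role '{role}' at {scope}")
        elif scope != expected_scope:
            findings.append(f"role '{role}' assigned at unexpected scope {scope}")
        else:
            seen.add(role)
    # Both roles must be present at the subscription itself for the audit to work.
    for role in sorted(ALLOWED_ROLES - seen):
        findings.append(f"missing role '{role}' at {expected_scope}")
    return findings


# Constructed sample input (not real output); the subscription ID is a placeholder.
SAMPLE_SUB = "00000000-0000-0000-0000-000000000000"
SAMPLE_JSON = """
[
  {"roleDefinitionName": "Reader",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"},
  {"roleDefinitionName": "Contributor",
   "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"},
  {"roleDefinitionName": "Security Reader",
   "scope": "/providers/Microsoft.Management/managementGroups/mg-demo"}
]
"""

if __name__ == "__main__":
    for finding in audit_assignments(json.loads(SAMPLE_JSON), SAMPLE_SUB):
        print(finding)
```

Run it against a fresh export after any change to the subscription's Access control (IAM) settings; an empty result means the application holds exactly the two read-only roles at the subscription.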
Phase 3: SecHard Portal Integration
Now that the Azure side is ready, add the resource to your SecHard instance.
Log in to the SecHard Web Interface.
Navigate to Resource > Add Resource.
Select Cloud > Microsoft > Microsoft Azure from the Resource Type list.
Fill in the relevant information for your resource.
While adding the account, pick Microsoft Online, and fill in the following fields using the information saved in Phase 1:
Account Name: A display name (e.g., Sechard Azure User).
Tenant ID: From Phase 1, Step 6.
Client ID: From Phase 1, Step 6.
Organization: Your Tenant Domain (e.g., contoso.onmicrosoft.com).
Client Secret: The secret value from Phase 1, Step 7.
Click Save.