Aqua supports CSPM in Microsoft Azure accounts to help ensure the security and compliance of Azure resources.


Getting Started

Connecting the Aqua to your Azure subscriptions is simple and straightforward and takes about 5 minutes. CSPM connects to your subscription through the use of an Active Directory application with "Security Reader" read-only permissions. Refer to our Azure setup guide for complete installation steps.

The Scanning Process

Once connected, CSPM will query various read-only APIs in your account to obtain information about the configuration of your infrastructure services. This information will be processed and analyzed by our security control plugins to produce a security report.

Example Findings

CSPM has hundreds of plugins, representing a variety of cloud security controls. Some example findings include:

  • Misconfigured storage accounts exposed publicly
  • NSG security groups configured to allow inbound access to sensitive services from the internet
  • Databases, VM instances, and other services that are not encrypted
  • Policies that allow extensive service or wildcard access to the subscription

Next Steps

To begin auditing your Azure subscriptions, simply register for an Aqua account and follow the connection process above.