Preparing Azure

Before registering your Azure application instance with Oracle CASB Cloud Service, ensure that you have an Azure account that is properly configured.

Prerequisite: To be monitored by Oracle CASB Cloud Service, your Azure instance must be running under an E5 license if you want to monitor Azure AD events. If you are not monitoring Azure AD events, your Azure instance only needs to have an S3 license.

  1. Log in to the Azure portal with Global Administrative privileges.
  2. Enter app in the search box and select App registration from the search results.
  3. On the App registrations page, after Still want to use App registration (Legacy)?, click the Go back and tell us why link.
  4. (Optional) Enter a reason in the Could you let us know why… box. You could enter something like, “Following 3rd party instructions that tell me to use the legacy steps.”

  5. Click Continue.
  6. In the App registrations (Legacy) panel, click New application registration at the top.
  7. In the Create panel on the right:
    1. In the Name box, enter the name for your application.

    2. Leave Application type as Web app / API.

    3. For Sign-on URL, enter the URL where the user signs on.

      This is the base URL of the Oracle CASB Cloud Service where you plan to register the application: https://loric.palerra.net, https://loric-eu.palerra.net, https://loric-ca.palerra.net, or https://trial.palerra.net.

    4. Click Create at the bottom.

      Your application is created and an information panel for it replaces the Create panel.

    5. In the information panel for your application, copy the Application ID value (to the right of Display Name) and save it somewhere safe, where you can easily retrieve it later when you register your Azure instance in Oracle CASB Cloud Service.

  8. Click Settings at the top of the information panel.
  9. In the Settings panel that opens, under API ACCESS, click Keys.
  10. In the Keys panel that opens:
    1. Click under Description and enter a description for this key.

    2. Under EXPIRES, select Never expires.

      The VALUE field remains empty until you click Save.

    3. Click Save.

    4. Copy the VALUE generated for the key and save it somewhere safe, where you can easily retrieve it later when you register your Azure instance in Oracle CASB Cloud Service.

      Caution:

      Verify that the value that you paste matches exactly what is in the VALUE field.

      Once you close this panel, you will not be able to retrieve this value later from the Azure portal. If you can’t match this value later, you will have to create a new key and rotate keys to replace the old one.

  11. In the Settings panel, click Required permissions.
  12. In the Required permissions panel that opens, click Add at the top.
  13. In the Add API access panel that opens, click Select an API.
  14. In the Select an API panel that opens:
    1. Scroll down.

    2. Select Microsoft Graph.

    3. Click Select at the bottom.

  15. In the Add API access panel, click Select permissions.
  16. In the Enable Access panel that opens:
    1. Scroll down.

    2. Select Read all audit log data.

    3. Click Select at the bottom.

      The Required permissions panel now lists Microsoft Graph, in addition to Windows Azure Active Directory, which is always there by default.

  17. In the Add API access panel, click Done at the bottom.
  18. In the Required permissions panel, click on Windows Azure Active Directory.
  19. Under Application Permission, select Read directory data, then click Save.
  20. In the Required permissions panel:
    1. Click Grant permissions at the top.

    2. Click Yes when prompted to grant permissions.

  21. In the left navigation panel, select All services, then:
    1. Enter subs in the search box.

    2. Select Subscriptions from the list.

  22. In the Subscriptions panel, select the subscription to use with Oracle CASB Cloud Service.
    1. Copy the Subscription ID value for the selected subscription and save it somewhere safe, where you can easily retrieve it later when you register your Azure instance in Oracle CASB Cloud Service.

    2. Select the domain name after “default directory” under the Directory heading.

    3. Hover over the user name at the top right.

      The last line of text displayed contains the domain name.

    4. Verify that the domain name after “default directory” under the Directory heading matches the domain name displayed when you hover over the user name at the top right.

    5. If the domain names match, copy the domain name after “default directory” under the Directory heading and save it somewhere safe, where you can easily retrieve it later when you register your Azure instance in Oracle CASB Cloud Service.

  23. In the information panel that opens for the subscription, select Access control (IAM) on the left.
  24. Click +Add.
  25. In the Add permissions panel that opens:
    1. In the Role box, enter read.

    2. Select Reader from the list.

    3. In the Select box, start typing the name of the application you created above.

    4. When your application appears below, select it.

    5. Click Save at the bottom.

      Your application now appears in the READER section.

You are ready to register your Azure instance with Oracle CASB Cloud Service.
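
The following check is an added example, not part of Oracle's or Microsoft's tooling. It validates the values saved during the procedure and confirms that the application holds only the Reader role on the chosen subscription. The field names in `SAVED` are hypothetical, all sample values are constructed, and `ASSIGNMENTS` is assumed to be shaped like the JSON output of `az role assignment list --assignee <app-id> --all`.

```python
import re

# Base URLs listed for the Sign-on URL step on this page.
CASB_BASE_URLS = {"https://loric.palerra.net", "https://loric-eu.palerra.net",
                  "https://loric-ca.palerra.net", "https://trial.palerra.net"}
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def check_saved_values(v):
    """Return problems found in the values saved during the procedure."""
    problems = []
    for field in ("application_id", "subscription_id"):
        if not GUID.fullmatch(v.get(field, "")):
            problems.append(f"{field} is not a GUID")
    key = v.get("key_value", "")
    if not key or key != key.strip():
        problems.append("key_value is empty or padded with whitespace")
    if v.get("sign_on_url", "").rstrip("/") not in CASB_BASE_URLS:
        problems.append("sign_on_url is not a listed CASB base URL")
    directory, user = v.get("directory_domain", ""), v.get("user_domain", "")
    if not directory or directory.lower() != user.lower():
        problems.append("directory and user domain names do not match")
    return problems

def check_role_assignments(assignments, subscription_id):
    """Flag anything other than Reader on the chosen subscription."""
    expected = f"/subscriptions/{subscription_id}".lower()
    findings, has_reader = [], False
    for a in assignments:
        if a["roleDefinitionName"] == "Reader" and a["scope"].lower() == expected:
            has_reader = True
        else:
            findings.append(f"unexpected {a['roleDefinitionName']} at {a['scope']}")
    if not has_reader:
        findings.append("Reader on the subscription is missing")
    return findings

# Constructed sample values (not real identifiers or secrets); field names are hypothetical.
SAVED = {
    "application_id": "11111111-2222-3333-4444-555555555555",
    "subscription_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "key_value": "constructed-example-key-value ",  # trailing space from a bad paste
    "sign_on_url": "https://loric-eu.palerra.net",
    "directory_domain": "contoso.onmicrosoft.com", "user_domain": "contoso.onmicrosoft.com",
}
# Constructed; assumed shape of `az role assignment list --assignee <app-id> --all` output.
ASSIGNMENTS = [
    {"roleDefinitionName": "Reader", "scope": "/subscriptions/" + SAVED["subscription_id"]},
    {"roleDefinitionName": "Contributor", "scope": "/subscriptions/" + SAVED["subscription_id"] + "/resourceGroups/rg-demo"},
]
if __name__ == "__main__":
    print(check_saved_values(SAVED) + check_role_assignments(ASSIGNMENTS, SAVED["subscription_id"]))
```

The sample run reports the padded key value and the extra Contributor assignment; an empty result means the saved values and the role assignment match what the procedure sets up.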