Palo Alto Networks Live Community dives into the new features of Aperture R40, Azure AD group-based scanning. Read about how group-based scanning affects user groups, improves scanning and enhances the Aperture R40 experience.
NOTE: Aperture has changed to Prisma SaaS.
The latest R40 release of Aperture adds Group-Based Scanning for Azure AD (Azure Active Directory).
Connecting your Azure Active Directory service to Aperture allows you to retrieve user groups and group membership from the centralized repository of users and groups on your network. The Aperture service then lets you selectively include or exclude user groups when scanning assets in the supported SaaS application.
If you need to exclude a user group because it falls under different data privacy rules, or because it holds private assets that should not be scanned, connecting a directory service and enabling selective scanning addresses this need.
When you connect your directory service to Aperture, you provide the identifiers and keys that authorize the service to establish a secure connection to the directory and retrieve your user and group information. Aperture refreshes this information automatically every 24 hours; if users or groups change and you want the update before the automatic refresh, selecting Refresh updates your user and group information immediately.
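To make the selection and refresh behaviour concrete, here is an added example (not Aperture or Palo Alto Networks code) that models the two pieces the text describes: a cached directory snapshot that is re-fetched after 24 hours or on a manual refresh, and an include/exclude decision over group membership. The directory contents are constructed sample data. Two behaviours are assumptions of this example rather than documented Aperture behaviour: exclusion wins when a user is in both an included and an excluded group (the conservative choice for privacy exclusions), and an unknown group name raises an error so a typo cannot silently widen the scan scope.

```python
"""Group-based selective scanning: include/exclude over directory groups plus a
24-hour refresh cache. Constructed example, not Aperture code."""
import time
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional, Set

# Matches the 24-hour automatic refresh interval described in the text.
REFRESH_INTERVAL_SECONDS = 24 * 60 * 60


@dataclass
class DirectorySnapshot:
    """Group name -> set of member user principal names, plus fetch time."""
    groups: Dict[str, Set[str]]
    fetched_at: float


class DirectoryCache:
    """Keeps the last retrieved snapshot; re-fetches when it is older than
    REFRESH_INTERVAL_SECONDS or when refresh=True (the manual Refresh action)."""

    def __init__(self, fetch: Callable[[], Dict[str, Set[str]]],
                 now: Callable[[], float] = time.time):
        self._fetch = fetch          # callable that talks to the directory
        self._now = now              # injectable clock, so tests can advance time
        self._snapshot: Optional[DirectorySnapshot] = None
        self.fetch_count = 0         # how many times the directory was queried

    def get(self, refresh: bool = False) -> DirectorySnapshot:
        stale = (self._snapshot is None
                 or self._now() - self._snapshot.fetched_at >= REFRESH_INTERVAL_SECONDS)
        if refresh or stale:
            self._snapshot = DirectorySnapshot(self._fetch(), self._now())
            self.fetch_count += 1
        return self._snapshot


def users_in_scope(snapshot: DirectorySnapshot,
                   include_groups: Optional[Iterable[str]] = None,
                   exclude_groups: Iterable[str] = ()) -> Set[str]:
    """Return the users whose assets should be scanned.

    include_groups=None means every user in the directory is a candidate;
    otherwise only members of the listed groups are. Members of any excluded
    group are removed afterwards, so exclusion takes precedence (assumption).
    Unknown group names raise KeyError (assumption) rather than being ignored.
    """
    include = None if include_groups is None else set(include_groups)
    exclude = set(exclude_groups)
    unknown = (include or set()) | exclude
    unknown -= set(snapshot.groups)
    if unknown:
        raise KeyError(f"groups not in directory snapshot: {sorted(unknown)}")

    if include is None:
        candidates = set().union(*snapshot.groups.values())
    else:
        candidates = set().union(*(snapshot.groups[g] for g in include))
    excluded = set().union(*(snapshot.groups[g] for g in exclude))
    return candidates - excluded


# Constructed sample directory (not real accounts).
SAMPLE_DIRECTORY: Dict[str, Set[str]] = {
    "Engineering": {"alice@example.com", "bob@example.com"},
    "Legal": {"bob@example.com", "carol@example.com"},
    "Finance": {"dave@example.com"},
}


def demo() -> Set[str]:
    """Exclude the Legal group from an otherwise directory-wide scan."""
    cache = DirectoryCache(lambda: SAMPLE_DIRECTORY)
    snapshot = cache.get()
    return users_in_scope(snapshot, exclude_groups={"Legal"})


if __name__ == "__main__":
    print(sorted(demo()))
```

Note that bob is a member of both Engineering and Legal, so excluding Legal removes him even when Engineering is explicitly included; if the opposite precedence were wanted, the subtraction would have to be applied before the include filter instead of after it.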
One of the screens you will see when configuring Azure Active Directory.
You can add a subset of groups to scan or exclude from scanning.