02-16-2024 11:00 AM
I have provided Prisma Cloud with all the necessary API Permissions and more, along with granting the necessary roles needed to view Azure Active Directory Security Settings. The issue lies in resources showing up in Prisma Cloud itself when queried, e.g. Identity Protection related resources, Active Directory Roles and Administrators, or even Password Reset Policies. I want to inquire what more I should carry out to ensure proper ingestion of these resources, i.e. where could I have gone wrong?
02-16-2024 09:10 PM
Without knowing what process you followed, it's a little hard to help really. Have you gone through the docs around getting all of this set up? If it was a permissions issue, you should be able to validate that by looking at Setting > Cloud Accounts and looking at Status. The Terraform script is highly recommended here, but you can go through and do it manually as well (requirements are in the Azure Application Permissions page) if you don't utilize Terraform.
Walking through the docs should get you to the finish line however. If you aren't getting anything ingested it just sounds like the process isn't fully walked through yet and you're missing a couple steps.
02-17-2024 10:07 AM
I've completed the setup successfully, as the review status after following through the necessary steps of onboarding Azure Active Directory shows the Asset Configuration as "Successful". This was achieved after assigning the necessary API permissions inside of app registrations in Azure Cloud as guided by the documentation.
The issue, however, lies in whether Prisma Cloud ingests resources, i.e. those related to Active Directory "Roles and Administrators" or "Identity Protection" (located inside of Azure Entra ID Security Center and other such Security Center resources) or even "Users Password Reset". The resources located specifically under these services are not being ingested into Prisma Cloud; otherwise, most of Azure AD seems to have been ingested.
There are even partial ingestions; for example, inside of User Settings, Default User Role Permissions is ingested into Prisma Cloud but not "LinkedIn account connections" or "Administration Center" or "Show keep user signed-in". There is no issue regarding resource configuration either; rather, I have concerns surrounding Prisma's support for ingesting these specific settings/resources, which are essential for policy making. For Azure AD Policies to be created, I need these resources to ensure security best practice is implemented. However, I am currently facing a hindrance. For reference, I've covered policies relating to Conditional Access Policies, and similar others, with ease.