Free Trial Onboarding Steps for Azure
Follow this onboarding path for Azure.

View the following video for an onboarding example.
Step 1. Start Free Trial
If you haven't already started your free trial, go to the Free Trial Insights page first.
Step 2. Onboard Azure
Log in with Azure and Review Permissions
Sign in to your Azure account with your Azure credentials.
On the Permissions Requested pane, check Consent on behalf of your organization and click Accept. This allows the Illumio application's Service Principal to gain just-in-time access privileges as the user who is logging in.
API Name | Claim Value | Permission |
---|---|---|
Azure Resource Manager | user_impersonation | Access Azure Resource Manager as organization users |
Microsoft Graph | offline_access | Maintain access to data you have given Illumio access to |
Microsoft Graph | openid | Sign users in |
Microsoft Graph | profile | View a user's basic profile |
Microsoft Graph | User.Read | Sign in and read a user profile |
In the Finish Your Azure integration pane, under Integration Scope, select a tenant or subscription to onboard. You can select multiple subscriptions from the Subscriptions drop-down list.
Enable VNET Flow Logs.
Select Read or Write permissions.
(Optional) Configure tags and centralize flow storage. Click View More Settings (Optional) in the Enable VNET Flow Logs pane.
Add Tags
Configure tags for new flow logs and storage accounts. Adding tags helps you meet compliance requirements and enhances search for new resources. To add a tag, click + Add Tag, enter values in the Tag Key and Tag Value fields and click Apply Changes. You can create multiple tags for resources.
See Use tags to organize your Azure resources and management hierarchy.
Centralize Flow Logs
To centralize flow logs, click the Centralize Flow Logs tab, select the subscription where you want to centralize your flow logs, and click Apply Changes.
Click Confirm and Continue.
Permission Type | Permission Name | Notes |
---|---|---|
Read | Reader-role (Azure-owned role) | This role gives Illumio Cloud permission to read data or resources from your subscription or tenant. This role allows the viewing of all resources but it does not allow modification. |
Write | Illumio Network Security Administration (Illumio-created custom role)<br>Illumio Firewall Administrator (Illumio-created custom role) | Allows Illumio to manage Network Security Groups and Azure Firewalls in your Azure environment. |
Flow | Storage blob data reader | Allows Illumio to read the contents of storage accounts in your Azure environment. |
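After onboarding, you can check that the roles actually assigned match the permission table above and stay inside the subscriptions you selected. The script below is an added example, not Illumio's code. It assumes subscription-level onboarding, that you know the object ID of the principal the roles were assigned to, and that the page's "Reader-role" is Azure's built-in Reader role; the input has the shape of `az role assignment list --all -o json`, and the sample IDs are constructed placeholders.

```python
# Role names from the permission table on this page, lower-cased for comparison.
# Assumption: the page's "Reader-role" is Azure's built-in "Reader" role.
READ_ROLES = {"reader", "storage blob data reader"}
WRITE_ROLES = {"illumio network security administration",
               "illumio firewall administrator"}

def in_scope(scope, onboarded):
    """True if a scope is an onboarded subscription or a resource below it."""
    s = scope.lower().rstrip("/")
    roots = [o.lower().rstrip("/") for o in onboarded]
    # The "/" boundary stops one subscription ID matching as a prefix of another.
    return any(s == r or s.startswith(r + "/") for r in roots)

def audit(assignments, principal_id, mode, onboarded):
    """Return (finding, role, scope) tuples for one principal's assignments.

    mode is "read" or "write", matching the choice made during onboarding.
    """
    allowed = READ_ROLES | (WRITE_ROLES if mode == "write" else set())
    findings = []
    for a in assignments:
        if a["principalId"] != principal_id:
            continue  # another principal's assignment, not audited here
        role, scope = a["roleDefinitionName"], a["scope"]
        if role.lower() not in allowed:
            findings.append(("unexpected-role", role, scope))
        elif not in_scope(scope, onboarded):
            findings.append(("outside-onboarded-scope", role, scope))
    return findings

# Constructed sample data; every ID below is a placeholder.
SP = "00000000-0000-0000-0000-0000000000aa"
SUB_A = "/subscriptions/11111111-1111-1111-1111-111111111111"
SUB_B = "/subscriptions/22222222-2222-2222-2222-222222222222"
SAMPLE = [{"principalId": p, "roleDefinitionName": r, "scope": s} for p, r, s in [
    (SP, "Reader", SUB_A),
    (SP, "Storage Blob Data Reader", SUB_A + "/resourceGroups/flowlogs"),
    (SP, "Illumio Firewall Administrator", SUB_A),  # a Write role
    (SP, "Reader", SUB_B),                          # SUB_B was not onboarded
    (SP, "Contributor", SUB_A),                     # not in the page's table
    ("00000000-0000-0000-0000-0000000000bb", "Owner", SUB_A),
]]

if __name__ == "__main__":
    for finding in audit(SAMPLE, SP, "read", [SUB_A]):
        print(finding)
```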
Set up Flow Log Access for Azure
Note
Skip this procedure if you have already performed steps 4 through 9 in the section titled Log in with Azure and Review Permissions previously.
Note
If the VPC/NSG flow logs from one account are configured to be stored in S3/storage accounts in another account, then the destination account should be onboarded into Illumio. If the account that owns the S3 bucket is not onboarded, Illumio will not be able to fetch the flow logs of that S3 bucket. For detailed instructions for setting up your flow logs, see this topic.
Step 3. Explore Illumio Insights
View Illumio Insights in the Console. See Explore Illumio Insights.