.png?fit=max&auto=format&n=tsMQJyneJ1xquFUo&q=85&s=4d401cc03b547d99b6f75a6bd170c334){kind=spacer}
Documentation Index
Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
Use this file to discover all available pages before exploring further.
Overview
Microsoft Azure is a comprehensive cloud platform offering virtual machines, databases, storage, networking, AI, and security services. DSALTA integrates with Azure to monitor infrastructure security, encryption, networking, monitoring, and compliance across your Azure subscription.Read-only access. DSALTA never modifies, creates, or deletes resources in your Microsoft Azure environment. All API access is strictly read-only.
Integration Details
| Property | Value |
|---|---|
| Category | Cloud Infrastructure |
| Data Library Modules | Access, Inventory, Vulnerabilities, Incidents |
| Authentication | Service Principal with Reader and Security Reader roles |
| Sync Frequency | Every 24 hours (manual sync available) |
| Permissions | Read-only |
What Data DSALTA Collects
When you connect Microsoft Azure, DSALTA automatically collects the following data on every sync cycle:- Virtual machines, SQL databases, storage accounts
- Cosmos DB, Cache for Redis, Databricks workspaces
- AKS clusters, Application Gateways, Load Balancers
- Key Vault configuration and disk encryption
- Microsoft Defender for Cloud findings
- Activity logs and NSG/VNet flow logs
- Network security group and firewall rules
Key Use Cases
- Monitor Azure resource encryption at rest
- Detect resources exposed to the internet
- Verify backup and monitoring configurations
- Track Defender findings and incident resolution
- Validate TLS and HTTPS enforcement
- Monitor Key Vault key expiration and rotation
How to Connect
Navigate to Integrations
Go to Settings → Integrations in your DSALTA dashboard and find Microsoft Azure in the catalog.
Authenticate
Follow the on-screen instructions to authenticate with your Microsoft Azure account. Admin-level access is required for the initial setup.
Configure Scope
Select which accounts, projects, or resources DSALTA should monitor. You can adjust this later from the integration settings.
Automated Compliance Tests
When you connect Microsoft Azure, DSALTA automatically generates the following compliance tests. Each test runs every 24 hours and produces pass/fail evidence for your auditor.| Test | Description |
|---|---|
| Infrastructure entities should be classified | Checks that all Azure infrastructure entities are classified by criticality. |
| Azure should be on HTTPS | Checks that Azure resources are accessible over HTTPS. |
| Azure should redirect HTTP to HTTPS | Checks that Azure redirects HTTP traffic to HTTPS. |
| Azure activity logs should be archived | Checks that Azure activity logs are archived for audit purposes. |
| Azure Defender should be enabled | Checks that Microsoft Defender for Cloud is enabled on the Azure subscription. |
| Reported incidents should be closed in Microsoft Defender | Checks that incidents detected in Microsoft Defender are closed and resolved. |
| Azure flow logs should be captured | Checks that Azure NSG flow logs are captured. |
| Azure virtual network flow logs should be captured | Checks that Azure Virtual Network flow logs are captured. |
| Azure Cosmos DB should be encrypted | Checks that Azure Cosmos DB is encrypted at rest. |
| Azure Cosmos DB backup should be enabled | Checks that Azure Cosmos DB backups are enabled. |
| Azure Cosmos DB latency should be monitored | Checks that Azure Cosmos DB latency is being monitored. |
| Azure Cosmos DB should be protected from direct internet traffic | Checks that Azure Cosmos DB is not directly exposed to the internet. |
| Azure VMs should be protected from direct internet traffic | Checks that Azure VMs are not directly exposed to the internet. |
| Azure SQL databases should be encrypted | Checks that Azure SQL databases are encrypted at rest. |
| Azure SQL databases should be protected from direct internet traffic | Checks that Azure SQL databases are not directly exposed to the internet. |
| Azure SQL database backup should be enabled | Checks that Azure SQL database backups are enabled. |
| Azure SQL database memory utilization should be monitored | Checks that Azure SQL database memory utilization is being monitored. |
| Azure SQL database CPU utilization should be monitored | Checks that Azure SQL database CPU utilization is being monitored. |
| Azure SQL database IO utilization should be monitored | Checks that Azure SQL database I/O utilization is being monitored. |
| Azure storage accounts should be encrypted | Checks that Azure storage accounts are encrypted at rest. |
| Azure storage account public network access should be disabled | Checks that Azure storage account public network access is disabled. |
| Azure storage account minimum TLS version should be 1.2 | Checks that Azure storage accounts enforce a minimum TLS version of 1.2. |
| Azure storage account secure transfer should be enabled | Checks that secure transfer (HTTPS) is required for Azure storage accounts. |
| Azure storage account default network access rule should be set to deny | Checks that the default network access rule for Azure storage accounts is set to deny. |
| Azure storage account cross-tenant replication should not be enabled | Checks that cross-tenant replication is disabled for Azure storage accounts. |
| Azure storage account anonymous blob access should be disabled | Checks that anonymous blob access is disabled on Azure storage accounts. |
| Azure Web App should use the latest TLS version | Checks that Azure Web Apps are using the latest TLS version. |
| Azure Web App should redirect HTTP to HTTPS | Checks that Azure App Service redirects all HTTP traffic to HTTPS. |
| Azure RBAC Key Vault keys should have expiration dates | Checks that expiration dates are set for all keys in RBAC-enabled Azure Key Vaults. |
| Azure non-RBAC Key Vault keys should have expiration dates | Checks that expiration dates are set for all keys in non-RBAC Azure Key Vaults. |
| Azure Key Vault should be recoverable | Checks that Azure Key Vaults are configured to be recoverable (soft delete enabled). |
| Azure VM CPU utilization should be monitored | Checks that Azure VM CPU utilization is being monitored. |
| Azure PostgreSQL should enforce SSL connections | Checks that Azure PostgreSQL servers enforce SSL connections. |
| Azure PostgreSQL should have infrastructure double encryption enabled | Checks that Azure PostgreSQL servers have infrastructure double encryption enabled. |
| Azure Cache for Redis CPU utilization should be monitored | Checks that Azure Cache for Redis CPU utilization is being monitored. |
| Azure Cache for Redis freeable memory should be monitored | Checks that Azure Cache for Redis freeable memory is being monitored. |
| Azure Cache for Redis client connections should be monitored | Checks that Azure Cache for Redis client connections are being monitored. |
| Azure Databricks workspaces should be encrypted | Checks that Azure Databricks workspaces are encrypted at rest. |
| Azure disks should be encrypted | Checks that Azure managed disks are encrypted at rest. |
| Azure Load Balancer health probe status should be monitored | Checks that Azure Load Balancer health probe status is being monitored. |
| Azure Application Gateway healthy host count should be monitored | Checks that Azure Application Gateway healthy host count is being monitored. |
| Azure Front Door origin health should be monitored | Checks that Azure Front Door origin health is being monitored. |
| Azure AKS node CPU utilization should be monitored | Checks that Azure AKS node CPU utilization is being monitored. |
| Azure AKS node memory working set usage should be monitored | Checks that Azure AKS node memory working set usage is being monitored. |
| Azure disk backup should be enabled | Checks that Azure disk backups are enabled. |
| Azure Databricks health should be monitored | Checks that Azure Databricks cluster health is being monitored. |
| Azure Databricks CPU utilization should be monitored | Checks that Azure Databricks CPU utilization is being monitored. |
| Azure access should be removed for offboarded users | Checks that Azure access is revoked for offboarded users. |
| Azure Databricks workspace backup should be enabled | Checks that Azure Databricks workspace backups are enabled. |
Tests run automatically every 24 hours. Failed tests generate alerts and appear in your compliance dashboard with remediation guidance. All test results are stored as audit evidence with timestamps.
Compliance Frameworks
This integration provides evidence for the following compliance frameworks:SOC 2
Access controls, monitoring, and change management evidence.
ISO 27001
Asset management, access control, and operations security evidence.
GDPR
Access records and data processing evidence.
Troubleshooting
Integration shows Disconnected
Integration shows Disconnected
Re-authenticate by going to Settings → Integrations → Microsoft Azure and clicking Reconnect. This usually happens when API tokens expire or permissions change.
Data is not syncing
Data is not syncing
Verify that the connected account still has the required admin permissions. Try a manual sync from the integration settings page. If the issue persists, check your Microsoft Azure API rate limits.
Tests are not generating
Tests are not generating
Tests generate after the first successful data sync. If sync completed but tests are missing, ensure the relevant features are configured in Microsoft Azure (e.g., GuardDuty must be enabled in AWS for GuardDuty tests to appear).
Some users are missing from the sync
Some users are missing from the sync
DSALTA syncs all users visible to the connected admin account. If users are missing, verify they are within the scope you configured during setup. Suspended or deleted accounts may not appear.