To integrate your Azure subscription (account) into Carbon Black Cloud, you must have access to the Azure subscription for retrieving the account details. You get access to the Azure resources by registering an Azure application, which sets up the integration between the Carbon Black Cloud account and the Microsoft identity platform.

You first register an application in the Azure portal and then assign a role to the application by adding credentials for the app registration. Later, Carbon Black Cloud uses these credentials to access Azure resources within your Azure subscription.

Prerequisites

  • You must have an Azure account with an active subscription.
  • Use any of the following Azure AD roles to grant your Azure account permissions to manage app registrations and enterprise apps in Azure Active Directory.
    • Application administrator
    • Application developer
    • Cloud application administrator
  • Set up a tenant. For details, see Quickstart: Set up a tenant.

Procedure

  1. To enable Carbon Black Cloud to access the Azure subscriptions in your directory, elevate access for a Global Administrator within the Azure portal.
  2. Register an Azure application.
    1. Log in to the Azure portal and click the Azure Active Directory service.
    2. On the left panel, under Manage, select App registration and click New registration.
    3. Enter a name for the registration and select the supported account type.
      For example, enter Carbon Black as the name.
    4. In the Redirect URI text box, enter https://app.cbc.vmware.com/login.
    5. Optional. You can perform the previous step after registration by going to the registered Active Directory app and clicking the Add a Redirect URI link.
    6. To complete the process, click Register.
    On the Overview page, you can see the Application (client) ID, or just client ID. Its value is unique and identifies your application in the Microsoft identity platform.
  3. Add credentials to allow your application to authenticate without user interaction during runtime.
    For information, see Add credentials.
    Note the following after generating the client secret.
    • The client secret is valid for a maximum of two years.
    • The client secret is encrypted, and it is not visible once entered in the text box. You can only change its value. Be sure to retrieve the secret value before you navigate away from the Certificate & Secrets page.
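
Because the client secret expires (after two years at most), the integration stops authenticating unless the secret is rotated in time. The following is an added example, not part of the Carbon Black or Microsoft documentation, that reviews an app registration's secrets for expiry. It assumes the input is JSON in the shape returned by `az ad app credential list --id <client-id>`; the sample records, the function names and the 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `az ad app credential list --id <client-id>`
# output; the key IDs, names and dates are made up for illustration.
SAMPLE = """[
 {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "cbc-2023",
  "startDateTime": "2023-03-01T00:00:00Z", "endDateTime": "2025-03-01T00:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "cbc-2022",
  "startDateTime": "2022-01-01T00:00:00Z", "endDateTime": "2024-01-01T00:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "cbc-long",
  "startDateTime": "2024-06-01T00:00:00Z", "endDateTime": "2027-06-01T00:00:00Z"}
]"""

MAX_LIFETIME = timedelta(days=731)  # two years, allowing for one leap day


def parse_utc(value):
    # Keep only YYYY-MM-DDTHH:MM:SS; assumes the timestamp is UTC ("Z" suffix).
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def review_secrets(creds_json, now=None, warn_days=30):
    """Classify each client secret as expired, expiring or ok."""
    now = now or datetime.now(timezone.utc)
    findings = []
    for cred in json.loads(creds_json):
        start, end = parse_utc(cred["startDateTime"]), parse_utc(cred["endDateTime"])
        days_left = (end - now).days
        if end <= now:
            status = "expired"
        elif days_left < warn_days:
            status = "expiring"
        else:
            status = "ok"
        findings.append({
            "keyId": cred["keyId"],
            "status": status,
            "days_left": days_left,
            # Lifetime longer than the two-year maximum noted above.
            "over_max_lifetime": (end - start) > MAX_LIFETIME,
        })
    return findings


if __name__ == "__main__":
    for finding in review_secrets(SAMPLE):
        print(finding)
```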