Muokkaa

Jaa


Assign access to workload owners

When you onboard your Amazon Web Service (AWS) or Google Cloud Project (GCP) environments, Defender for Cloud automatically creates a security connector as an Azure resource within the connected subscription and resource group. Defender for Cloud also creates the identity provider as an IAM role required during the onboarding process.

To assign permissions to users on a specific connector below the parent connector, you need to determine which AWS accounts or GCP projects you want users to access. You need to identify the security connectors that correspond to the AWS account or GCP project you want to assign users access to.

Prerequisites

Configure permissions on the security connector

Permissions for security connectors are managed through Azure Role-Based Access Control (RBAC). You can assign roles to users, groups, and applications at a subscription, resource group, or resource level.

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Environment settings.

  3. Locate the relevant AWS or GCP connector.

  4. Assign permissions to the workload owners with All resources or the Azure Resource Graph option in the Azure portal.

    1. Search for and select All resources.

      Screenshot that shows you how to search for and select all resources.

    2. Select Manage view > Show hidden types.

      Screenshot that shows you where on the screen to find the show hidden types option.

    3. Select the Types equals all filter.

    4. Enter securityconnector in the value field and add a check to the microsoft.security/securityconnectors.

      Screenshot that shows where the field is located and where to enter the value on the screen.

    5. Select Apply.

    6. Select the relevant resource connector.

  5. Select Access control (IAM).

    Screenshot that shows where to select Access control IAM in the resource you selected.

  6. Select +Add > Add role assignment.

  7. Select the desired role.

  8. Select Next.

  9. Select + Select members.

    Screenshot that shows where the button is on the screen to select the + select members button.

  10. Search for and select the relevant user or group.

  11. Select the Select button.

  12. Select Next.

  13. Select Review + assign.

  14. Review the information.

  15. Select Review + assign.

After setting the permission for the security connector, workload owners will be able to view recommendations in Defender for Cloud for the AWS and GCP resources associated with the security connector.

Next step