Get account information from Azure's portal

  • Log in to your Azure account
  • Search for "Azure Active Directory" in the top search box and select it
  • Copy the tenant id and keep it in a safe place. We will need it while adding information on InfraGuard
  • On the side menu of the same page click on "App registrations" and select "New registration"
  • Enter the name as Infraguard app
  • Make sure "Single tenant" is selected in Supported account types
  • In Redirect URI select "Web" from the list and enter https://app.infraguard.io in the text box next to it
  • Click on Register
  • Now your application is registered. Copy the "Application (Client) ID" and keep it in a safe place
  • Go to "Certificates and Secrets" from the left menu and click on the "New Client Secret" button
  • Enter description as Infraguard key and select "24 months" in the "EXPIRES" option radio button
  • Click on Add
  • This will generate a new client secret key. Copy the entry in the Value column and keep it in a safe place with the name Client Secret
  • Now search for "Subscription" in the top search box, open your current subscription, copy the subscription id and keep it in a safe place
  • Select "Access control (IAM)" from the menu of your subscription, click on "+Add" and select custom role
  • Enter your custom role name as "InfraGuard-role"
  • Select JSON, click on Edit and insert the following:
{
    "properties": {
        "roleName": "InfraGuard-role",
        "description": "",
        "assignableScopes": [
            "/subscriptions/<INSERT YOUR SUBSCRIPTION ID>"
        ],
        "permissions": [
            {
                "actions": [
                    "Microsoft.Compute/snapshots/delete",
                    "Microsoft.Compute/snapshots/read",
                    "Microsoft.Compute/snapshots/write",
                    "Microsoft.Compute/virtualMachines/instanceView/read",
                    "Microsoft.Compute/virtualMachines/read",
                    "Microsoft.Resources/subscriptions/resourceGroups/read",
                    "Microsoft.Network/networkInterfaces/read",
                    "Microsoft.Network/publicIPAddresses/read",
                    "Microsoft.Compute/virtualMachines/start/action",
                    "Microsoft.Compute/virtualMachines/restart/action",
                    "Microsoft.Compute/virtualMachines/deallocate/action",
                    "Microsoft.Compute/virtualMachines/runCommands/write",
                    "Microsoft.Compute/virtualMachines/runCommands/read",
                    "Microsoft.Compute/virtualMachines/runCommand/action",
                    "Microsoft.Compute/virtualMachines/assessPatches/action",
                    "Microsoft.Compute/virtualMachines/installPatches/action"
                ],
                "notActions": [],
                "dataActions": [],
                "notDataActions": []
            }
        ]
    }
}
  • Replace <INSERT YOUR SUBSCRIPTION ID> with your subscription id in the 6th line and click on Save
  • Then select "Review + Create" and then Create. The role is created. Click OK to return to the IAM role page
  • Click on the "Add a role assignment" button on the card "Grant access to this resource" on the right
  • Now select the "Role" tab and search for "InfraGuard-role". Select this role and click Next
  • In the Member tab click on "+Select Member" and search for "Infraguard app" on the right side below Select Members
  • Select Infraguard app and click on Select. Then click on "Review and Assign"
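
Before saving the custom role, it helps to check what the JSON actually grants. The script below is an added example, not part of InfraGuard's instructions or tooling: it audits a role definition for an unreplaced subscription placeholder, scopes outside the expected subscription, wildcard actions, and actions that run commands on VMs, delete data or stop machines. The role text is a constructed, trimmed copy of the JSON above; the category names and the all-zero subscription id are assumptions made for the example.

```python
import json

# Constructed copy of the role from the steps above, trimmed to a few actions,
# with the subscription placeholder still in place.
ROLE_JSON = """
{"properties": {"roleName": "InfraGuard-role", "description": "",
  "assignableScopes": ["/subscriptions/<INSERT YOUR SUBSCRIPTION ID>"],
  "permissions": [{"actions": [
      "Microsoft.Compute/snapshots/delete",
      "Microsoft.Compute/virtualMachines/read",
      "Microsoft.Compute/virtualMachines/deallocate/action",
      "Microsoft.Compute/virtualMachines/runCommands/write",
      "Microsoft.Compute/virtualMachines/runCommand/action",
      "Microsoft.Compute/virtualMachines/installPatches/action"],
    "notActions": [], "dataActions": [], "notDataActions": []}]}}
"""

# Review categories chosen for this example (an assumption, not an Azure taxonomy).
SENSITIVE = {
    "runs commands on VMs": ("/runcommand/action", "/runcommands/write"),
    "deletes data": ("/delete",),
    "stops or changes VMs": ("/deallocate/action", "/restart/action",
                             "/installpatches/action"),
}

def audit_role(role, subscription_id):
    """Return a sorted list of findings for a custom role definition."""
    props = role["properties"]
    findings = []
    expected = f"/subscriptions/{subscription_id}".lower()
    for scope in props["assignableScopes"]:
        s = scope.lower().rstrip("/")
        if "<" in scope:
            findings.append(f"scope placeholder not replaced: {scope}")
        elif s != expected and not s.startswith(expected + "/"):
            findings.append(f"scope outside expected subscription: {scope}")
    for perm in props["permissions"]:
        for action in perm["actions"] + perm["dataActions"]:
            if "*" in action:
                findings.append(f"wildcard action: {action}")
            for label, suffixes in SENSITIVE.items():
                if action.lower().endswith(suffixes):
                    findings.append(f"{label}: {action}")
    return sorted(findings)

if __name__ == "__main__":
    role = json.loads(ROLE_JSON)
    for finding in audit_role(role, "00000000-0000-0000-0000-000000000000"):
        print(finding)
```

The runCommand and runCommands findings are expected for this role. They mean that whoever holds the Client Secret saved earlier can run scripts on every VM in the subscription, so treat that secret as a privileged credential.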


Onboard your servers to InfraGuard

  • Log in to your app.infraguard.io account
  • Select CLUSTER from side-menu
  • Click on “Create Azure cluster”
  • Add any relevant Name
  • Add Tenant ID, Subscription ID, Client ID, and Client Secret as created and copied in the previous section
  • Click ‘Sync’ to make your newly added server appear in the list of servers
  • Wait for some time before you click on ‘Servers’ to get your list of servers for that Role ARN