An active Microsoft Azure AD account with security policy setup is required for Microsoft Azure to provide cloud traffic data to FortiCWP.
Before setting up security policy, Data Collection needed to be setup first. Follow these steps to setup data collection.
- Log in to Azure portal with you Azure AD account: https://portal.azure.com/.
- Search and click on Security Center.
- Click Pricing & settings in Security Center dashboard.
- Click on your subscription, make sure Standard pricing tier is selected.
- Click on Data Collection in Settings. Under Auto Provisioning, select On.
- Under Workspace configuration, leave it as "Use workspace(s) created by Security Center (default)".
- Under Windows security events, select "Common".
- Click Save at the top of the page.
After Data Collection is setup, enable integration to allow security center to integrate with other Microsoft security services by allowing other services to access cloud data.
- Select Threat Detection in the settings under Data Collection.
- Check on the box next to "Allow Microsoft Cloud app Security to access my data".
- Check on the box next to "Allow Windows Defender ATP to access my data".
If you have Azure Pay as you go subscription, having Data Collection and Threat detection setup is sufficient for Azure Integration. For Azure full subscription users, you may setup security policy. (optional)
- On the Security Center dashboard, select Security Policy, and then select your type of subscription.
- On the Security policy blade, select Security Policy.
- On the Security policy - Security policy blade, turn on appropriate policy items to apply to your subscription.
- Select save at the top of the blade.
After Azure data collection and integration is enabled, FortiCWP is able extract cloud traffic data from Azure and provide real time cloud security monitoring.