
Scan Microsoft Azure Virtual Machines

Scan Microsoft Azure virtual machines, snapshots, and disks with cnspec.

Use cnspec to scan Microsoft Azure virtual machines, snapshots, and disks through an Azure registered app. This lets you evaluate the security of your VMs without deploying agents.

Prerequisites

To scan Azure virtual machines with cnspec, you must have:

Authenticate

Pass the registered app's credentials on the command line. Each scan command below accepts the same authentication flags:

Flag                     Value
--tenant-id              Your Azure tenant ID
--client-id              The registered app's client ID
--client-secret          A client secret (or use --certificate-path instead)
--certificate-path       Path to a .pem certificate
--certificate-secret     Passphrase for the authentication certificate file
--subscriptions          Comma-separated list of Azure subscriptions to include
--subscriptions-exclude  Comma-separated list of Azure subscriptions to exclude

Scan a VM

cnspec scan azure compute instance NAME \
  --tenant-id YOUR-TENANT-ID \
  --client-id YOUR-CLIENT-ID \
  --client-secret YOUR-CLIENT-SECRET

Scan a compute snapshot

cnspec scan azure compute snapshot NAME \
  --tenant-id YOUR-TENANT-ID \
  --client-id YOUR-CLIENT-ID \
  --client-secret YOUR-CLIENT-SECRET

Scan a compute disk

cnspec scan azure compute disk NAME \
  --tenant-id YOUR-TENANT-ID \
  --client-id YOUR-CLIENT-ID \
  --client-secret YOUR-CLIENT-SECRET
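
The three scan commands above differ only in the target type, so one wrapper can serve all of them. The following is an added example, not part of the cnspec documentation: a POSIX shell function that takes the registered app's credentials from environment variables, which keeps the secret out of the script itself, and requires exactly one of a client secret or a certificate. The AZ_* variable names and the CNSPEC override are assumptions of this script, not cnspec settings.

```shell
#!/bin/sh
# Added example. AZ_* and CNSPEC are this script's own (assumed) names.
# Usage: scan_azure_compute instance vm-a vm-b

# Build and run one `cnspec scan azure compute KIND NAME` command.
_scan_one() {
  kind=$1 name=$2
  set -- scan azure compute "$kind" "$name" \
    --tenant-id "$AZ_TENANT_ID" --client-id "$AZ_CLIENT_ID"
  if [ -n "${AZ_CLIENT_SECRET:-}" ]; then
    set -- "$@" --client-secret "$AZ_CLIENT_SECRET"
  else
    set -- "$@" --certificate-path "$AZ_CERT_PATH"
    if [ -n "${AZ_CERT_SECRET:-}" ]; then
      set -- "$@" --certificate-secret "$AZ_CERT_SECRET"
    fi
  fi
  "${CNSPEC:-cnspec}" "$@"   # CNSPEC lets a test substitute a stub
}

# scan_azure_compute KIND NAME...   (KIND: instance | snapshot | disk)
scan_azure_compute() {
  kind=${1:-}
  case $kind in
    instance|snapshot|disk) shift ;;
    *) echo "kind must be instance, snapshot, or disk" >&2; return 2 ;;
  esac
  if [ -z "${AZ_TENANT_ID:-}" ] || [ -z "${AZ_CLIENT_ID:-}" ]; then
    echo "AZ_TENANT_ID and AZ_CLIENT_ID are required" >&2; return 2
  fi
  # Require exactly one credential: client secret or .pem certificate.
  if [ -n "${AZ_CLIENT_SECRET:-}" ] && [ -n "${AZ_CERT_PATH:-}" ]; then
    echo "set AZ_CLIENT_SECRET or AZ_CERT_PATH, not both" >&2; return 2
  fi
  if [ -z "${AZ_CLIENT_SECRET:-}" ] && [ -z "${AZ_CERT_PATH:-}" ]; then
    echo "set AZ_CLIENT_SECRET or AZ_CERT_PATH" >&2; return 2
  fi
  failed=0
  for name in "$@"; do
    _scan_one "$kind" "$name" || failed=1   # keep going after a failure
  done
  return "$failed"
}
```

The function returns 2 for a usage or credential error and 1 if any cnspec invocation exits non-zero, so a scheduler or CI job can tell the two apart.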

Understand your results

To learn how to read the scan report, including scores and remediation guidance, see Understand cnspec Results.

Learn more
