Scan Microsoft Azure Virtual Machines
Scan Microsoft Azure virtual machines, snapshots, and disks with cnspec.
Use cnspec to scan Microsoft Azure virtual machines, snapshots, and disks through an Azure registered app. This lets you evaluate the security of your VMs without deploying agents.
Prerequisites
To scan Azure virtual machines with cnspec, you must have:
- cnspec installed on your workstation
- An Azure registered app with the appropriate permissions
- The app's tenant ID, client ID, and either a certificate or a client secret
Authenticate
Pass the registered app's credentials on the command line. Each scan command below accepts the same authentication flags:
| Flag | Value |
|---|---|
| `--tenant-id` | Your Azure tenant ID |
| `--client-id` | The registered app's client ID |
| `--client-secret` | A client secret (or use `--certificate-path` instead) |
| `--certificate-path` | Path to a .pem certificate |
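An added example, not from the cnspec documentation: a shell helper that assembles any of the three scan commands on this page from environment variables and uses `--certificate-path` in preference to `--client-secret`. The function name, the `AZ_*` variable names, and `DRY_RUN` are assumptions of this example.

```shell
# Added example, not part of cnspec: assemble a scan command from environment
# variables so credentials are not typed into shell history.
# AZ_TENANT_ID, AZ_CLIENT_ID, AZ_CERT_PATH, AZ_CLIENT_SECRET and DRY_RUN are
# names chosen for this example; cnspec itself only sees the flags.
cnspec_azure_scan() {
    kind=$1
    name=$2
    case $kind in
        instance|snapshot|disk) ;;
        *) echo "unknown asset kind: $kind" >&2; return 2 ;;
    esac
    if [ -z "$name" ]; then
        echo "asset name required" >&2; return 2
    fi
    if [ -z "${AZ_TENANT_ID:-}" ] || [ -z "${AZ_CLIENT_ID:-}" ]; then
        echo "AZ_TENANT_ID and AZ_CLIENT_ID must be set" >&2; return 2
    fi
    set -- scan azure compute "$kind" "$name" \
        --tenant-id "$AZ_TENANT_ID" --client-id "$AZ_CLIENT_ID"
    # Prefer the certificate: only a file path goes on the command line,
    # whereas a client secret is visible to local process listings.
    if [ -n "${AZ_CERT_PATH:-}" ]; then
        set -- "$@" --certificate-path "$AZ_CERT_PATH"
    elif [ -n "${AZ_CLIENT_SECRET:-}" ]; then
        set -- "$@" --client-secret "$AZ_CLIENT_SECRET"
    else
        echo "set AZ_CERT_PATH or AZ_CLIENT_SECRET" >&2; return 2
    fi
    if [ -z "${DRY_RUN:-}" ]; then
        cnspec "$@"
        return
    fi
    # Dry run: print the command with the secret value masked.
    out=cnspec
    mask=
    for a in "$@"; do
        if [ -n "$mask" ]; then a='***'; fi
        mask=
        if [ "$a" = --client-secret ]; then mask=1; fi
        out="$out $a"
    done
    printf '%s\n' "$out"
}
```

Call it as `cnspec_azure_scan disk NAME` after setting the variables; with `DRY_RUN=1` it prints the command instead of running it.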
Scan a VM
cnspec scan azure compute instance NAME \
--tenant-id YOUR-TENANT-ID \
--client-id YOUR-CLIENT-ID \
--client-secret YOUR-CLIENT-SECRET
Scan a compute snapshot
cnspec scan azure compute snapshot NAME \
--tenant-id YOUR-TENANT-ID \
--client-id YOUR-CLIENT-ID \
--client-secret YOUR-CLIENT-SECRET
Scan a compute disk
cnspec scan azure compute disk NAME \
--tenant-id YOUR-TENANT-ID \
--client-id YOUR-CLIENT-ID \
--client-secret YOUR-CLIENT-SECRET
Learn more
- Secure an Azure Subscription — scan account-level Azure configuration
- Mondoo Azure Resource Pack Reference — every Azure resource and field cnspec can query
- Write Effective MQL — guide to authoring checks and queries