Introduction to Discovery & Visibility Azure - Adaptive Applications - BlueCat Gateway - 20.6.1

Cloud Discovery & Visibility Azure Administration Guide


BlueCat Adaptive Applications are licensed, out-of-the-box applications that provide you with advanced DDI functionality with minimal configuration. Adaptive Applications extend the functionality of the BlueCat core Adaptive DNS platform, DNS Integrity, in specific areas to drive increased customer value and competitive differentiation.

The BlueCat Discovery & Visibility Azure Adaptive Application introduces a method to retrieve data from Azure and import the discovered objects into Address Manager. This provides continuous, real-time visibility into the changes to your Azure infrastructure.
Note: The BlueCat Discovery & Visibility Azure Adaptive Application only provides visibility into your Azure infrastructure. You cannot use the BlueCat Discovery & Visibility Azure Adaptive Application to import Address Manager data into your Azure infrastructure.
The application imports the following information:
  • Resource Groups
  • Azure Virtual Networks and Subnets
  • Azure Virtual Machines
  • Azure Load Balancers
  • Azure Private DNS Zones
  • Azure Public DNS Zones

Requirements

Before you install the Discovery & Visibility Azure Adaptive Application, ensure that the following requirements are met:
  • You must be running Address Manager v9.1.0 or greater
  • You must have an Azure account to retrieve the Azure data with the following permissions set:
    • Common permissions for virtual networks, load balancers, DNS zones, and private DNS Zones:
      • "Microsoft.Authorization/*/read"
      • "Microsoft.Resources/subscriptions/resourceGroups/read"
      • "Microsoft.Resources/deployments/*"
      • "Microsoft.Compute/*/read"
      • "Microsoft.ClassicCompute/*/read"
      • "Microsoft.ClassicNetwork/*/read"
      • "Microsoft.Storage/*/read"
    • Role permissions:
    • Allows for full access to Azure Service Bus resources (BuiltinRole)
      • "Microsoft.ServiceBus/*"
        Attention: You must not enable the subscription policy to deny "Microsoft.ServiceBus/namespaces". If the subscription policy to deny "Microsoft.ServiceBus/namespaces" is enabled, the following message might appear in the Cloud Discovery & Visibility Azure UI when using the visibility feature:
        [ERROR] Something wrong when get Service Bus HT-PoC
    • Manage EventGrid event subscription operations (BuiltinRole)
      • "Microsoft.Authorization/*/read"
      • "Microsoft.EventGrid/eventSubscriptions/*"
      • "Microsoft.EventGrid/topicTypes/eventSubscriptions/read"
      • "Microsoft.EventGrid/locations/eventSubscriptions/read"
      • "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read"
      • "Microsoft.Insights/alertRule/*"
      • "Microsoft.Resources/deployments/*"
      • "Microsoft.Resources/subscriptions/resourceGroups/read"
      • "Microsoft.Support/*"
    • Monitoring Reader (BuiltinRole)
      • "*/read"
      • "Microsoft.OperationalInsights/workspaces/search/action"
      • "Microsoft.Support/*"
Note: The Azure account is configured in the Adaptive Application setup and used to continuously monitor and retrieve changes from your Azure infrastructure. You do not need to be logged into the Azure workflow for visibility to occur.
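The following pre-installation check is an added example, not BlueCat code: it compares the permission blocks of the roles assigned to the discovery account against the actions listed above, reporting required actions that are not granted and granted actions that go beyond the list. The function names, the sample data, and the input shape (a list of blocks with "actions" and "notActions", as found in an Azure role definition) are assumptions of this example.

```python
import re

# Actions listed in this page's Requirements section (duplicates merged).
REQUIRED = [
    "Microsoft.Authorization/*/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Resources/deployments/*",
    "Microsoft.Compute/*/read",
    "Microsoft.ClassicCompute/*/read",
    "Microsoft.ClassicNetwork/*/read",
    "Microsoft.Storage/*/read",
    "Microsoft.ServiceBus/*",
    "Microsoft.EventGrid/eventSubscriptions/*",
    "Microsoft.EventGrid/topicTypes/eventSubscriptions/read",
    "Microsoft.EventGrid/locations/eventSubscriptions/read",
    "Microsoft.EventGrid/locations/topicTypes/eventSubscriptions/read",
    "Microsoft.Insights/alertRule/*",
    "Microsoft.Support/*",
    "*/read",
    "Microsoft.OperationalInsights/workspaces/search/action",
]

# Constructed sample: permission blocks of two roles assigned to the account.
SAMPLE = [
    {"actions": ["*/read", "Microsoft.Support/*",
                 "Microsoft.OperationalInsights/workspaces/search/action"]},
    {"actions": ["Microsoft.ServiceBus/*", "Microsoft.Network/virtualNetworks/write"],
     "notActions": ["Microsoft.ServiceBus/namespaces/delete"]},
]

def covers(pattern, action):
    """True if the wildcard pattern matches everything `action` can match."""
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, action, re.IGNORECASE) is not None

def granted_by(role, req):
    """A role grants req if an action covers it and no notAction overlaps it."""
    excluded = any(covers(n, req) or covers(req, n) for n in role.get("notActions", []))
    return any(covers(a, req) for a in role.get("actions", [])) and not excluded

def audit(roles):
    """Return (required actions not granted, granted actions beyond the list)."""
    missing = [q for q in REQUIRED if not any(granted_by(r, q) for r in roles)]
    excess = [a for r in roles for a in r.get("actions", [])
              if not any(covers(q, a) for q in REQUIRED)]
    return missing, excess

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The check covers role definitions only; a subscription policy that denies "Microsoft.ServiceBus/namespaces" does not appear in them and has to be reviewed separately.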