Azure – Direct Integration

xAssets provides built-in integrations with several Microsoft Azure services, including Azure Virtual Machines, Azure Active Directory (Entra ID), and Meraki. This page covers the setup for each integration.

Azure Virtual Machines

What the Integration Provides

The Azure VM integration imports a list of virtual machines from your Azure subscription into xAssets as asset records. It pulls basic information on each VM; for full hardware and software details, combine it with xAssets Network Discovery.

Prerequisites

• An Azure tenant with an active subscription containing virtual machines
• An Azure Enterprise Application with Reader access to the subscription
• Access to xAssets with permission to create credential packs

Step 1: Create an Enterprise Application in Azure

1. Sign in to the Azure Portal
2. Navigate to Azure Active Directory > App Registrations > New Registration
3. Name the application (e.g., "xAssets Azure API")
4. Register the application and note the Application (Client) ID
5. Navigate to Certificates & Secrets and generate a new client secret. Copy the secret Value immediately.

Step 2: Grant Reader Access to the Subscription

1. In the Azure Portal, navigate to Subscriptions and select your subscription
2. Click Access control (IAM)
3. Click + Add > Add role assignment
4. Select Reader from the role list (use the search box under "Job function roles" if it is not visible)
5. Click Next to go to the Members section
6. Click + Select members
7. Search for your Enterprise Application name (e.g., "xAssets Azure API") and select it
8. Click Select, then Next, then Review + assign

Step 3: Create a Credential Pack in xAssets

1. Navigate to Discover > Prepare > Credentials
2. Click Create Credentials
3. Configure the credential pack as follows:

4. Save the credential pack

Step 4: Run the Integration

1. Navigate to Discover > Integrations > Get Azure Virtual Servers
2. The integration runs and creates one asset record per VM, which can then be fully discovered using the discovery tool.

Azure Active Directory (Entra ID)

What the Integration Provides

The Azure AD integration imports user records from Azure Active Directory into the xAssets Custodian table. This keeps your user directory synchronised with Azure AD, so that new employees, role changes, and departures are reflected automatically.

Prerequisites

• An Azure tenant with Azure Active Directory
• An Azure Enterprise Application with Microsoft Graph API permissions

Step 1: Create an Enterprise Application

1. In the Azure Portal, create a new Enterprise Application (e.g., "xAssets Azure AD")
2. Generate a client secret and copy the Value
3. Navigate to the API Permissions tab and grant the following permissions at a minimum:

4. Click Grant admin consent to activate the permissions

Step 2: Create a Credential Pack in xAssets

Step 3: Run the Integration

1. Navigate to Discover > Active Directory > Get data from Azure Active Directory
2. Select the AzureAD credential pack
3. The integration runs as a batch job, importing user records into the Custodian table

Troubleshooting Azure and Intune Permissions

If you experience permission errors with any Microsoft integration (Azure VMs, Azure AD, or Intune), follow this diagnostic approach:

1. Open the transformation behind the integration (via Admin > Transformations) and note the API URLs being called
2. Open Microsoft Graph Explorer
3. Paste the API URL into the query box (e.g., https://graph.microsoft.com/v1.0/users for Azure AD)
4. Run the query with the Run Query button
5. If permissions fail, review the "Modify permissions" section to identify which permissions are needed. Read each permission description carefully before clicking "Consent" to avoid granting excessive privileges.
6. Once the query works in Graph Explorer, verify that the same permissions are granted to your Enterprise Application in the Azure Portal

Warning: Microsoft Graph Explorer can grant more elevated permissions than are required. Always review the description of each permission before consenting, and only grant the minimum permissions needed for the integration.

Permissions for Azure SSO are covered separately -- see SSO with Azure.

Integration with Meraki

What the Integration Provides

The Meraki integration imports Meraki-managed devices from the Cisco Meraki cloud platform into xAssets. The integration pulls devices from one or more networks in the organizations managed by your Meraki account.

Prerequisites

• A Meraki cloud platform account with API access enabled
• A Meraki API key generated from a Dashboard Administrator account
• Access to xAssets with permission to create credential packs

Step 1: Enable the Meraki API

1. In the Meraki Dashboard, navigate to Organization > Settings > Dashboard API access
2. Enable the API
3. Navigate to My Profile and generate an API key
4. Copy and securely store the API key -- it inherits the same permissions as the Dashboard Administrator account that generated it

Step 2: Create a Credential Pack in xAssets

Step 3: Prepare the Integration

1. Navigate to Admin > Transformations
2. Find and queue the transformation called "Meraki -- Prepare Integration" to run as a batch job
3. Specify the name of the credential pack you created
4. Wait for the job to complete -- this may take some time depending on the number of organizations and networks accessible through your API key

Step 4: Run the Integration

1. Navigate to Discover > Integrations > Get Data from Meraki
2. Select the credential pack
3. Select one or more networks to import devices from
4. The integration runs and creates asset records for the selected Meraki-managed devices

Related Articles

• Microsoft Intune — importing Intune-managed devices
• Amazon Web Services — importing AWS EC2 instances
• Google Cloud — importing GCP Compute Engine instances
• SSO with Azure — Azure SSO configuration (different from data integration)