Posture Control (ZPC)
Integrating Vulnerability Management for Microsoft Azure Accounts
Zscaler Posture Control (ZPC) enables you to integrate vulnerability management for your Microsoft Azure accounts and choose the repositories that must be enabled for vulnerability scanning. The configuration allows ZPC to scan the container images in the chosen repositories for known security vulnerabilities and display the scan results in the ZPC Admin Portal, so you can remediate the vulnerabilities.
The Azure image size will be zero for all container images.
Prerequisites
You must first onboard your Azure cloud accounts before adding specific accounts for vulnerability scanning. To learn more, see Onboarding a Microsoft Azure Account.
For ZPC to discover and scan private container registries in your Azure account, you must add the required egress IP addresses to the allowlist in the registry's firewall. To learn more, see the Azure documentation.
To add the IP addresses:
- In the Azure portal, go to your container registry.
- Select Networking.
- On the Public access tab, select Selected networks.
- Under Firewall, add the following IP addresses:
  - 52.12.66.25
  - 52.13.162.179
  - 34.212.243.119
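To confirm the allowlist after the steps above, the following added example (not Zscaler or Azure tooling) audits a registry's network rule set exported as JSON. It reports which of the listed egress IP addresses are still missing and flags rules that open the registry wider than intended. The JSON field names, the sample rule set and the `min_prefix` threshold are assumptions made for illustration.

```python
import ipaddress
import json

# Egress IP addresses listed on this page for the registry firewall.
ZPC_EGRESS_IPS = ["52.12.66.25", "52.13.162.179", "34.212.243.119"]

# Constructed sample, shaped like `az acr show --query networkRuleSet` output
# (field names are an assumption; adjust if your CLI version differs).
SAMPLE_RULE_SET = json.loads("""
{
  "defaultAction": "Deny",
  "ipRules": [
    {"action": "Allow", "ipAddressOrRange": "52.12.66.25"},
    {"action": "Allow", "ipAddressOrRange": "52.13.162.0/24"},
    {"action": "Allow", "ipAddressOrRange": "203.0.113.0/24"}
  ]
}
""")


def audit_rule_set(rule_set, required=ZPC_EGRESS_IPS, min_prefix=24):
    """Return (missing, findings) for a registry network rule set."""
    allowed = []
    for rule in rule_set.get("ipRules") or []:
        if rule.get("action", "Allow").lower() != "allow":
            continue
        value = rule.get("ipAddressOrRange") or rule.get("value")
        if value:
            # strict=False accepts ranges written with host bits set.
            allowed.append(ipaddress.ip_network(value, strict=False))

    # A required address is covered if any allow rule contains it.
    missing = [ip for ip in required
               if not any(ipaddress.ip_address(ip) in net for net in allowed)]

    findings = []
    if rule_set.get("defaultAction", "Allow").lower() != "deny":
        findings.append("default action is not Deny: the firewall list is not enforced")
    for net in allowed:
        if net.prefixlen < min_prefix:
            findings.append(f"broad allow rule: {net}")
    return missing, findings


if __name__ == "__main__":
    missing, findings = audit_rule_set(SAMPLE_RULE_SET)
    print("missing ZPC egress IPs:", missing or "none")
    for finding in findings:
        print("finding:", finding)
```

On the constructed sample, the third address is reported as missing, which is the state in which ZPC cannot reach the private registry.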
To integrate the vulnerability management for specific registries in your cloud account:
- Go to Administration > Container Registries & Workloads.
- Click Add Integration.
- Under General Information:
  - For Vulnerability Scanning Type, select Cloud Container Registries.
  - For Cloud Type, select Microsoft Azure.
- Click Next.
- Under Account Selection:
  - Accounts: Select the individual accounts that must be configured for scanning. Use the Search field to search for specific accounts in the list.
  - Organizations: Select the accounts in the organization that must be configured for scanning. Click the Expand icon to see the list of registries.
- Click Finish.
A message is displayed indicating that the vulnerability management integration is successful. You can set up the vulnerability scanning rule and schedule the scan to run at regular intervals. To learn more, see Adding a Vulnerability Scanning Rule for Container Registries.