AWS inspector documentation change
Summary
Updated Azure terminology and added requirements for Microsoft Entra ID logs
Security assessment
Added documentation about Microsoft Graph audit/sign-in logs being required for resource recording, which are security monitoring features. No vulnerability is addressed, but security logging capabilities are documented.
Diff
diff --git a/inspector/latest/user/inspector-azure-prereqs.md b/inspector/latest/user/inspector-azure-prereqs.md index 8e97c7567..12674e246 100644 --- a//inspector/latest/user/inspector-azure-prereqs.md +++ b//inspector/latest/user/inspector-azure-prereqs.md @@ -9 +9 @@ -Before you create a connector, verify that your AWS account and Azure environment meet the following requirements. The Azure setup script handles most Azure configuration automatically (app registration, Event Hub, diagnostic settings, RBAC roles, and Graph API permissions). +Before you create a connector, verify that your AWS account and Azure environment meet the following requirements. The Azure setup script handles most Azure configuration automatically (app registration, Event Hub, diagnostic settings, Azure role assignments, and Microsoft Graph API permissions). @@ -81,0 +82,7 @@ A Microsoft Azure commercial tenant. Azure Government and Azure China are not su +Microsoft Entra ID log availability + + +Resource recording requires Microsoft Graph audit logs and sign-in logs from your Microsoft Entra ID tenant. Some Microsoft Entra ID logs require Microsoft Entra ID P1 or P2 licensing. + +If the tenant lacks required logs, resource recording might report partial failures. The app registration and Azure role assignments do not supply missing log data. +