# Introduction, architecture, and requirements

## Introduction

CDR for Azure offers advanced threat detection and response coverage for your Microsoft Azure tenants. Vectra AI provides this guide to help customers deploy the solution and take advantage of that coverage. To provide it, Vectra AI needs to ingest your Microsoft Azure tenant platform logs; once the deployment described here is complete, you will have:

* **Azure Detections** - High fidelity detections of malicious behaviors in your Azure tenants based on our proprietary ML and security analytics capabilities.
* **Azure Threat Surface Dashboard** - Insights to help you identify security-related threat patterns in your Azure tenants.
* **Azure Investigate** - Curated Azure metadata that allows you to perform in-depth investigations on potential threats in your Azure tenant. This data consists of enriched metadata fields and all the existing *Investigate* capabilities to help you efficiently conduct an investigation.

This guide walks you through configuring the Azure Data Source connector in your Vectra AI Platform. It also provides the details needed to ensure your Azure tenant platform logs are forwarded to dedicated storage accounts that the Vectra AI Platform can access for data ingestion.

## Architecture Overview

This Data Source leverages Activity logs and Diagnostic Resource logs to detect suspicious activity in your environment. This logging is managed by Azure Monitor but is not enabled by default in Azure environments.

This deployment guide will help you grant Vectra access to the data it requires to offer comprehensive detection coverage and, if required, to deploy broad logging in your Azure environment.

![](https://4227135129-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHJ1ltuWFvsArFWtevnRn%2Fuploads%2Fgit-blob-19c667d7140e2dc8fb6a9262fc3da4d3a8ba5782%2Fcdr-for-azure-deployment-guide-1.png?alt=media)

* Subscriptions and Resources in your environment log to Storage Accounts in your Azure tenant.
* Vectra leverages a role in your environment to periodically scan these storage accounts.
* When new logs are detected, Vectra copies these logs to the Vectra cloud.
* Vectra processes these log events through proprietary algorithms to generate detections.

## General Requirements

* Vectra Respond UX tenant.
* Azure permissions required only during deployment:
  * Granting Vectra access to your Azure tenant (Consent Workflow):
    * Global Administrator
  * Set up logging and grant Vectra access to the logs (Log Enablement Workflow):
    * Global Administrator
    * Resource Policy Contributor at management group level
    * User Access Administrator at management group level
      * This can be a temporary privilege elevation used only during log enablement.
  * The full list of ongoing Azure permissions required is in [Appendix 1 - Azure configuration notes](https://docs.vectra.ai/deployment/cdr-for-azure/deployment/appendix-1-azure-configuration-notes).
* Choose one of the following deployment methods:
  * Automated Deployment via ARM template – Step-specific prerequisites (if any) are listed in each step of the [Automated deployment](https://docs.vectra.ai/deployment/cdr-for-azure/deployment/automated-deployment) section.
  * Manual Deployment – Some customers prefer not to use the ARM template-based automated deployment process, or already have a logging setup that can be used with Vectra CDR for Azure. See [Manual deployment](https://docs.vectra.ai/deployment/cdr-for-azure/deployment/manual-deployment) for requirements and guidance.
