Appendix E - Azure API Usage on FortiCNP
In supporting the Azure cloud account monitoring, data analysis, and resource synchronization, FortiCNP would call Azure APIs for the its real time cloud account data. The list of Azure APIs have been granted by the Azure administrators during the account consent process in the account onboarding.
List of Azure APIs called by FortiCNP
| Azure API name | Type | Admin Consent Required | Status |
|---|---|---|---|
| Azure Service Management | |||
| user_impersonation | Delegated | No | Granted for Fortinet |
| Azure Storage | |||
| user_impersonation | Delegated | No | Granted for Fortinet |
| Microsoft Graph | |||
| AuditLog.Read.All | Delegated | Yes | Granted for Fortinet |
| Group.Read.All | Delegated | Yes | Granted for Fortinet |
| GroupMember.Read.All | Delegated | Yes | Granted for Fortinet |
| User.Read | Delegated | No | Granted for Fortinet |
| User.ReadBasic.All | Delegated | No | Granted for Fortinet |
Azure API Usage Details
- Azure Service Management - retrieves resource synchronization, configuration risk management policy, risk management findings, and compliance reports details.
- Azure Storage - retrieves files from cloud account storage for data analysis and data scan.
- Microsoft Graph - retrieves user related activity for monitoring and security purposes. These user activities are later used in compliance reports generation.