This functionality is available for Pro and Advanced plans only. Contact us for more information.
Why should I scan my virtual machines?
With virtual machine scanning, Aikido can scan the hard drives of your virtual machines for vulnerable packages, outdated runtimes and risky licenses.
Getting started
To enable the scanning of your virtual machines on Azure, you should first start by connecting your Azure Cloud to Aikido. To do this you can follow the steps outlined in this article.
Once your cloud is connected, you'll see a tab appear on the detail page called 'Virtual Machines'.
Azure dashboard prompting to activate virtual machine scanning for security and compliance checks.
When you click on 'Set Up VM Scanning' we'll take you to the following page:
Azure VM scanning setup instructions with Application ID entry field.
The setup wizard will guide you through creating a new App Registration inside of the Azure Portal with an API secret specifically for Aikido.
The API secret will be used by Aikido to make the necessary API requests to scan your resources. Aikido will notify you via email when the secret is about to expire.
Only the bare minimum of permissions are granted to the App Registration. This ensures that Aikido can perform its security checks without the risk of unintended altering of your resources.
Once you click 'save', Aikido will immediately start to discover any virtual machines in your account and scan them.
VM grouping
To optimize scanning efficiency, Aikido groups certain Azure VMs and scans only one instance from each group. Grouping works as follows:
Virtual Machine Scale Sets (VMSS): All VMs that belong to the same VMSS are shown as a single VM group in Aikido. The VM group's name matches the VMSS identifier.
No grouping: VMs that aren't part of a VMSS are treated as standalone VMs and scanned individually.
