Understanding Azure Key Vault discovery tasks

Azure Key Vault discovery tasks are used to scan and monitor Azure Key Vaults for certificates. Scans do not require access to secrets or keys in Azure Key Vault, and they can discover all certificate types regardless of the issuing Certificate Authority (CA). They can be configured to run on a schedule for periodic scanning.

Once discovered, certificates are automatically added to the certificate bucket associated with the discovery task that found them. If the bucket is configured with assignment rules, the certificate will automatically be assigned to the associated organization and department.

Azure Key Vault discovery tasks require the configuration of an Azure account in SCM.

For more information about SCM Azure accounts, see the SCM Administrator’s Guide.

Azure Key Vault discovery tasks can be managed on the Discovery  Azure Key Vault Discovery Tasks page.

Azure Key Vault Discovery Tasks page

The following table describes the settings and controls of the Azure Key Vault Discovery Tasks page.

Column Description

ID

The unique numeric identifier of the discovery task.

Name

The name of the discovery task.

Certificate Bucket

The certificate bucket used to group certificates discovered by the task.

Status

The status of the most recent scan.

Schedule

The frequency at which the discovery task is configured to run.

Last Scanned

The date and time of the most recent discovery task scan.

Table controls

Filter

Enables you to sort the table information using custom filters.

Group

Enables you to sort the table information using predefined groups.

Refresh

Refreshes the information presented in the table.

Download CSV

Downloads the table information as a .csv file.

Manage Columns

Enables you to select which table columns to display.

Admin controls

Add

Opens the Add Azure Key Vault Discovery Task dialog where you can add a new discovery task.

Delete

Removes the selected discovery task.

Edit

Opens the Edit Azure Key Vault Discovery Task dialog where you can manage an existing discovery task.

Scan

Initiates a scan with the selected discovery task.

Cancel

Cancels an in-progress scan with the selected discovery task.

History

Opens the History of task dialog where you can view the history of the selected discovery task’s scans and certificates discovered.

View Audit

Opens the Azure Key Vault Discovery Task Audit dialog where you can view or download audit logs.