Understanding Azure Key Vault discovery tasks
Azure Key Vault discovery tasks are used to scan and monitor Azure Key Vaults for certificates. Scans do not require access to secrets or keys in Azure Key Vault, and they can discover all certificate types regardless of the issuing Certificate Authority (CA). They can be configured to run on a schedule for periodic scanning.
Once discovered, certificates are automatically added to the certificate bucket associated with the discovery task that found them. If the bucket is configured with assignment rules, the certificate will automatically be assigned to the associated organization and department.
Azure Key Vault discovery tasks require the configuration of an Azure account in SCM.
For more information about SCM Azure accounts, see the SCM Administrator’s Guide.
Azure Key Vault discovery tasks can be managed on the page.
The following table describes the settings and controls of the Azure Key Vault Discovery Tasks page.
Column | Description |
---|---|
ID | The unique numeric identifier of the discovery task. |
Name | The name of the discovery task. |
Certificate Bucket | The certificate bucket used to group certificates discovered by the task. |
Status | The status of the most recent scan. |
Schedule | The frequency at which the discovery task is configured to run. |
Last Scanned | The date and time of the most recent discovery task scan. |
Table controls | |
Filter | Enables you to sort the table information using custom filters. |
Group | Enables you to sort the table information using predefined groups. |
Refresh | Refreshes the information presented in the table. |
Download CSV | Downloads the table information as a |
Manage Columns | Enables you to select which table columns to display. |
Admin controls | |
Add | Opens the Add Azure Key Vault Discovery Task dialog where you can add a new discovery task. |
Delete | Removes the selected discovery task. |
Edit | Opens the Edit Azure Key Vault Discovery Task dialog where you can manage an existing discovery task. |
Scan | Initiates a scan with the selected discovery task. |
Cancel | Cancels an in-progress scan with the selected discovery task. |
History | Opens the History of task dialog where you can view the history of the selected discovery task’s scans and certificates discovered. |
View Audit | Opens the Azure Key Vault Discovery Task Audit dialog where you can view or download audit logs. |