Veza for Azure

If Microsoft Azure is a cornerstone of your cloud infrastructure, excessive or misconfigured access permissions in Azure RBAC can be your single biggest vulnerability. Veza is the identity security platform enabling you to answer the question: Who can take what action on what services and data in Azure?

Identity security challenges in Microsoft Azure


Identity access is highly configurable, with dozens of distinct permissions for Azure Blob Storage alone. Now, add in the challenge of resolving interactions between management groups, subscriptions, resource groups and resources. Access outcomes become almost impossible to predict.


Security and governance teams are managing many more resources and identities in Azure than in the on-prem world, especially when you account for machine identities. Traditional security and governance tools and processes are still catching up.

Secure Collaboration

Azure has been innovative in enabling organizations to collaborate with external users, but continuing to monitor whether third parties have the proper access to company data in Azure has become a new challenge.

How Veza can help

Veza is powered by its Authorization Graph, which gives organizations the ability to visualize authorization relationships between all identities and systems by connecting users, groups, roles, and permissions.

Key Benefits
  • Reduced Risk: Surface and prioritize identities with the highest privilege, risk, or policy issues across all enterprise systems, without having to master the complex access model of Azure RBAC.
  • Least Privilege: Reduce risks and simplify audits by continuously identifying and remediating identity misconfigurations, dormant permissions, and over-permissioned identities.
  • Team Efficiency: Reduce manual, repetitive tasks by leveraging automation to detect and remove dormant access. Use Veza to delegate access decisions to business managers who best understand specific systems.
Key Features
  • Effective permissions: translate Azure permissions into simple, human-readable language—”create, read, update, delete”—and resolve complex policy interactions to give actionable intelligence on who can do what in Azure.
  • Automated monitoring: watch continuously for policy violations and new privileged accounts, so you can comply with internal controls and external regulations without burdening security and governance teams.
  • Agentless read-only connections to both Azure and your identity providers, give a complete picture of the access granted to federated identities, revealing governance blindspots, like local users.

Bluecore gets complete visibility across Google Cloud with Veza

Bluecore is a cloud-native organization, hosted entirely in Google Cloud since day one. CISO Brent Lassi’s team sought a solution that could meet three primary criteria:

  1. Supportability — could it be supported entirely by Bluecore’s security and IT organization
  2. Extensibility — could it plug into other systems via APIs and automation?
  3. Observability — could it pivot and drill down data to an almost infinite depth?

Only Veza made the cut.

The most critical thing about data security is knowing what you have. You need to know where it is, how long you’ve had it, and how well it’s protected. Veza helps me do all of it. It was hard to find something that didn’t treat Google Cloud like a third-class citizen…I was reassured to see that Veza took Google very, very seriously from the get go.

Brent Lassi | CISO

Watch the video

Full coverage of Microsoft services

Ready to learn more?

Take a self-guided tour of how Veza automates access reviews