articles/defender-for-cloud/concept-gcp-connector.md
8 additions & 9 deletions
@@ -1,7 +1,6 @@
1
1
---
2
2
title: Defender for Cloud's GCP connector
3
3
description: Learn how the GCP connector works on Microsoft Defender for Cloud.
4
-
5
4
ms.topic: conceptual
6
5
ms.service: defender-for-cloud
7
6
ms.date: 06/29/2023
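Review bot: this front-matter hunk only drops the blank line between `description:` and `ms.topic:`, which YAML permits, but `ms.date: 06/29/2023` is left untouched even though the same commit edits the article body; consider updating the date so the published page reflects when its text last changed.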
@@ -19,7 +18,7 @@ The GCP connector allows for continuous monitoring of Google Cloud resources for
19
18
20
19
The authentication process between Microsoft Defender for Cloud and GCP is a federated authentication process.
21
20
22
-
When you onboard to Defender for Cloud, the GCloud template is used to create the following resources as part of the authentication process:
21
+
When you onboard to Defender for Cloud, the GCloud template is used to create the following resources as part of the authentication process:
23
22
24
23
- Workload identity pool and providers
25
24
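Review bot: the removed and added versions of the "When you onboard to Defender for Cloud, the GCloud template is used to create the following resources..." line read identically in the rendered diff, so this hunk is a whitespace-only change (most likely trailing whitespace); no issue, but a change that carries no content could be dropped from a wording commit to keep the diff focused on the sentences that actually change.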
@@ -61,9 +60,9 @@ From here, you can decide which resources you want to protect based on the secur
61
60
62
61
### Configure access
63
62
64
-
Once you've selected the plans, you want to enable and the resources you want to protect you have to configure access between Defender for Cloud and your GCP project.
63
+
Once you selected the plans, you want to enable and the resources you want to protect you have to configure access between Defender for Cloud and your GCP project.
65
64
66
-
:::image type="content" source="media/concept-gcp-connector/configure-access-gcp-connector.png" alt-text="Screenshot of the configure access screen between Defender for Cloud and your GCP project." lightbox="media/concept-gcp-connector/configure-access-gcp-connector.png":::
65
+
:::image type="content" source="media/concept-gcp-connector/configure-access-gcp-connector.png" alt-text="Screenshot of the Configure access screen between Defender for Cloud and your GCP project." lightbox="media/concept-gcp-connector/configure-access-gcp-connector.png":::
67
66
68
67
In this step, you can find the GCloud script that needs to be run on the GCP project that is going to onboarded. The GCloud script is generated based on the plans you selected to onboard.
69
68
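Review bot: the replacement sentence "Once you selected the plans, you want to enable and the resources you want to protect you have to configure access..." drops the auxiliary verb and reads worse than the original "Once you've selected"; the real defect, present in both versions, is the comma placed after "plans" instead of after "protect". Suggest: "Once you've selected the plans you want to enable and the resources you want to protect, you have to configure access between Defender for Cloud and your GCP project." The alt-text change to "Configure access" is fine, since it matches the screen name shown in the image.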
@@ -106,25 +105,25 @@ From here, you can decide which resources you want to protect based on the secur
106
105
107
106
### Configure access
108
107
109
-
Once you've selected the plans, you want to enable and the resources you want to protect you have to configure access between Defender for Cloud and your GCP project.
108
+
Once you selected the plans, you want to enable and the resources you want to protect you have to configure access between Defender for Cloud and your GCP project.
110
109
111
-
:::image type="content" source="media/concept-gcp-connector/configure-access-organization.png" alt-text="Screenshot of the configure access screen between Defender for Cloud and your GCP organization." lightbox="media/concept-gcp-connector/configure-access-organization.png":::
110
+
:::image type="content" source="media/concept-gcp-connector/configure-access-organization.png" alt-text="Screenshot of the Configure access screen between Defender for Cloud and your GCP organization." lightbox="media/concept-gcp-connector/configure-access-organization.png":::
112
111
113
112
When you onboard an organization, there's a section that includes management project details. Similar to other GCP projects, the organization is also considered a project and is utilized by Defender for Cloud to create all of the required resources needed to connect the organization to Defender for Cloud.
114
113
115
114
In the management project details section, you have the choice of:
116
115
117
-
- Dedicating a management project for Defender for Cloud to include in the GCloud script.
116
+
- Dedicating a management project for Defender for Cloud to include in the GCloud script.
118
117
- Provide the details of an already existing project to be used as the management project with Defender for Cloud.
119
118
120
-
You need to decide what is your best option for your organization's architecture. We recommend creating a dedicated project for Defender for Cloud.
119
+
You need to decide what is your best option for your organization's architecture. We recommend creating a dedicated project for Defender for Cloud.
121
120
122
121
The GCloud script is generated based on the plans you selected to onboard. The script creates all of the required resources on your GCP environment so that Defender for Cloud can operate and provide the following security benefits:
123
122
124
123
- Workload identity pool
125
124
- Workload identity provider for each plan
126
125
- Custom role to grant Defender for Cloud access to discover and get the project under the onboarded organization
127
-
- A service account for each plan
126
+
- A service account for each plan
128
127
- A service account for the autoprovisioning service
129
128
- Organization level policy bindings for each service account
130
129
- API enablement(s) at the management project level.
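Review bot: the same wording regression as in the earlier "Configure access" section appears here: "Once you selected the plans, you want to enable..." should read "Once you've selected the plans you want to enable and the resources you want to protect, you have to configure access between Defender for Cloud and your GCP organization's project", with the comma moved after "protect". The two list-item lines "Dedicating a management project for Defender for Cloud to include in the GCloud script." and "A service account for each plan", and the sentence "You need to decide what is your best option...", are identical before and after, so those are whitespace-only changes; while this list is being touched, the trailing period on "API enablement(s) at the management project level." is inconsistent with the other bullets and could be removed in the same commit.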