Azure Application Security Group pattern-based discovery

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Azure Application Security Group Pattern-Based Discovery

    The Azure Application Security Group pattern-based discovery enables customers to identify and map Azure services within their cloud environments. To utilize this feature effectively, customers need to ensure they have the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store and verify compliance with Microsoft Azure discovery prerequisites.

    Show full answer Show less

    Key Features

    • Pattern Activation: The Azure service pattern is disabled by default. Starting from Visibility Content version 6.28.0, activating this pattern will not be treated as a customization, ensuring that it remains updated. Existing patterns will reset to their predefined versions upon upgrades.
    • GovCloud Support: For those using Azure GovCloud (US), a specific datacenter URL is necessary when setting up the Azure service account.
    • Data Population: The application populates data in both CMDB and non-CMDB tables. Non-CMDB data is accessible via the Azure section in the configuration navigation, while CMDB data is stored when running the Extended Inventory(LP) pattern.

    Key Outcomes

    By implementing the Azure Application Security Group discovery, customers can expect:

    • Accurate inventory management of Azure resources, including their operational and provisioning states.
    • Clear visibility into resource relationships, enabling better management and oversight of cloud infrastructure.
    • Collection and organization of resource tags for enhanced categorization and reporting.

    Discovery and Service Mapping Patterns finds Azure services on your cloud environment. Discovering some of these resources may require updating to the latest version of the Discovery and Service Mapping Patterns application from the ServiceNow Store.

    Pattern-based discovery and mapping requirements

    Verify the Microsoft Azure discovery prerequisites
    For more information, see the prerequisites section in Microsoft Azure Cloud discovery using patterns.
    Enable the relevant pattern
    The pattern for this service is disabled by default. Starting with Visibility Content version 6.28.0, activating or deactivating a pattern won't be considered a customization, and it will continue to receive updates. Patterns that were previously activated or deactivated will reset to the latest predefined version after upgrading while retaining the last active field value. For more information on enabling patterns, see Activate a disabled pattern.
    Configure the Discovery schedule to support GovCloud
    Discovering Azure GovCloud (US) accounts requires using a datacenter URL when setting up an Azure service account. For more information, see Set up Azure service accounts.

    Discovery and Service Mapping Patterns application populates data in both CMDB and non-CMDB tables.

    Data stored in non-CMDB tables

    Discovery and Service Mapping Patterns application populates data in the non-CMDB table when running the Azure - Application Security Group - Extended Inventory(LP) pattern.

    You can review the non-CMDB Azure tables by navigating to All > Configuration > Azure. You can also search the navigation filter for the specific pattern name.

    Table 1. Azure Application Security Group [cmdb_azure_application_security_group_application_security_group]
    Field Description
    Location [location] The geographical region where the resource is deployed.
    Object Id [object_id] The unique identifier for the resource in Azure.
    Provisioning State [provisioning_state] Current state of the provisioning process for the resource.
    Resource Group [resource_group] Name of the resource group.
    Subscription ID [subscription_id] The subscription ID.
    Tenant ID [tenant_id] The identifier for the tenant under which the resource belongs.
    Configuration Item [configuration_item] References the Cloud Resource [cmdb_ci_cmp_resource] table.

    Data stored in CMDB tables

    Discovery and Service Mapping Patterns application populates data in the CMDB when running the Azure - Application Security Group - Extended Inventory(LP) pattern.

    Table 2. Cloud Resource [cmdb_ci_cmp_resource]
    Field Description
    Install Status [install_status] Install status of the resource. Default value is Installed.
    Location [location] The geographical region where the resource is deployed.
    Name [name] The name of the resource.
    Object ID [object_id] The unique identifier for the resource in Azure.
    Operational status [operational_status] Operational status of the resource. Default value is Operational.
    Resource type [resource_type] Type of resource. The value is set to microsoft.network/applicationsecuritygroups.

    CI relationships

    The pattern creates these relationships to support discovery.

    CI Relationship CI
    Resource Group [cmdb_ci_resource_group] Contains::Contained by Cloud Resource [cmdb_ci_cmp_resource]
    Cloud Resource [cmdb_ci_cmp_resource] Hosted on::Hosts Azure Datacenter [cmdb_ci_azure_datacenter]
    Azure Application Security Group [cmdb_azure_application_security_group_application_security_group] References Cloud Resource [cmdb_ci_cmp_resource]

    Azure tag discovery

    The pattern collects tags and populates them in the Key Value [cmdb_key_value] table.
    Table 3. Key Value [cmdb_key_value]
    Field Description
    Key [key] Tag name.
    Value [value] Tag value.