Azure Snapshot Security and Privacy Considerations

What data does the Azure Snapshot collect?

The Azure Snapshot uses Azure APIs to collect usage and cost information for your Azure resources to provide recommendations on cost savings, security and monitoring improvements. VIAcode has developed a proprietary AI tool that analyzes Azure resource tiers, utilization, security and monitoring coverage. We collect and analyze this data: resource, resource group and subscription names and tags but we do not store them.

How secure is my data?

VIAcode is committed to keeping your information secure. Your data falls into one of the following categories:

User data includes data associated with your Azure account, including subscriptions, resources, prices, usage and recommendations. This data is safeguarded by three layers of encryption:

  • Encryption at rest (AES 256)
  • Encryption in transit (TLS 1.2)
  • Application-level encryption (AES 256) using a per-user key in Key Vault

User security data includes encryption keys and access tokens stored in Azure Key Vault. The Azure Snapshot has a registered identity and all access to these tokens are fully logged and audited.

Application state data is used to track the settings and options associated with your user account. This data is safeguarded by two layers of encryption:

  • Encryption at rest (AES 256)
  • Encryption in transit (TLS 1.2)

Are special permissions needed to access the report?

The Azure Snapshot doesn’t require any special permissions.

To see your Subscriptions and Resource Groups Costs you need to have the role of Billing Reader.

To view the Cost Savings Recommendations you need to have the Reader role on subscriptions or resource groups.

How do I revoke the Azure Snapshot’s access?

On the initial connection you give consent for the Azure Snapshot to access Azure. This consent only needs to be given on one occasion and is remembered by Azure AD.

You can revoke permissions from Azure Snapshot at any time by:

  1. Visit https://portal.office.com/account/
  2. Click on the “Revoke” button that is found on the VIAcode card
  3. Click OK in the confirmation message

VIAcode provides services for migration, optimization and management for Azure.