--- title: "Azure Connection - User Interface Components" slug: "fortanix-key-insight-user-interface-components-azure" updated: 2026-05-26T10:35:43Z published: 2026-05-26T10:43:02Z canonical: "support.fortanix.com/fortanix-key-insight-user-interface-components-azure" --- > ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # Azure Connection - User Interface Components ## 1.0 Introduction This article describes the user interface (UI) features of the Azure cloud connection on Fortanix Key Insight. ## 2.0 Terminology References *For Fortanix Key Insight - Azure concepts and supported features, refer to the*[*Azure Connection Concepts*](/v1/docs/fortanix-key-insight-for-azure-concepts)*.* ## 3.0 Overview The Azure connection **Overview** page appears after adding an Azure cloud connection. The **Overview** page displays the Azure keys and services for a CSP organization based on the applied Fortanix Key Insight policy. *For more information on the Fortanix Key Insight policy, refer to*[*Cryptographic Policy Management*](https://support.fortanix.com/docs/cryptographic-policy-management)*.* ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI Azure Overview.png) **Figure 1: Access Azure overview** - Click **ASSESSMENT REPORT** to navigate to the **Assessment** page and view the assessment report. This report allows you to assess your key security posture to ensure the safety of your data. *For more information, refer to*[*Section 4.0: Assessments*](/v1/docs/fortanix-key-insight-user-interface-components-azure#40-assessments)*.* - If the count of Azure subscriptions before the scan does not match the count of the Azure subscriptions after the scan: - Verify that all required roles and permissions are correctly configured in the AWS accounts before running the scan. - After confirming permissions, initiate a re-scan using the **RESCAN** option. *For more information, refer to*[*Section 5.0: Rescan an Azure Connection*](/v1/docs/fortanix-key-insight-user-interface-components-azure#50-rescan-an-azure-connection). > [!NOTE] > NOTE > > - If your Fortanix Armor account is deactivated and you are accessing the Fortanix Key Insight Azure connection, you will not be able to view data on the **Overview, Assessments, Keys, Services**, or **PQC Central** pages. You will only have access to view and delete items within the **Connections**, **Policy Center,**and**Authentication** pages. > - If you added an external key source during the Azure cloud connection onboarding, the **Overview** page will display the total key count, reflecting the correlated keys from the external key source after a successful scan. The **Overview** page helps users get a summary of the Azure keys and services, as described in the following sections: ### 3.1 Cloud Discovery Accounts This section summarizes the discovered asset counts for an Azure connection. It shows the count of: - The Azure subscriptions within the Azure management group - The resource groups under all the Azure subscriptions - The regions in the resource groups - The keys in all the Azure cloud regions - The services in all the Azure cloud regions > [!NOTE] > NOTE > > The total number of keys displayed in the Cloud Discover Accounts section is only the count of the “Current” key version for each key in the Azure Key Vault. Clicking the **Keys** and **Services** labels in the **Cloud Discovery Accounts** section takes you to their list view. ### 3.2 Cryptography Bill of Materials (CBOM) This section describes how to export cryptographic asset metadata from Azure into a standardized CBOM JSON file. The exported CBOM file can be used to maintain a cryptographic inventory, demonstrate regulatory compliance, and assess post-quantum cryptography (PQC) readiness. To export the CBOM file, click **EXPORT**. A file named `bom_report_<Azure_scan_id>.json` will be downloaded to your local system, where `Azure_scan_id` is the unique identifier generated for each Azure connection scan. For example, [](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/bom_report_d195afaa-575e-11f0-8f18-d552727ebe34.json)bom_report_d195afaa-575e-11f0-8f18-d552727ebe3417.04 MB[**](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/bom_report_d195afaa-575e-11f0-8f18-d552727ebe34.json) The exported file adheres to the **CycloneDX** specification and includes the following components: - `bomFormat`: Specifies the format of the bill of materials. For CBOM exports, this value is set to `CycloneDX`. - `specVersion`: Indicates the version of the CycloneDX specification used. - `version`: Denotes the version of the generated CBOM file. - `components`: Lists cryptographic components such as keys. Each entry includes attributes such as type, name, algorithm, associated services, and so on. - `services`: Describes the Azure services that interact with the listed cryptographic components. Each service includes attributes such as its name and resource ID. - `dependencies`: Defines the relationships between keys and services, representing how cryptographic elements are interconnected or used together. > [!NOTE] > NOTE > > If your Azure connection was last scanned before the Fortanix Key Insight 25.07 release and has not been rescanned, you must perform a **Rescan** to ensure the correct CBOM export. > > *For more information on how to perform a rescan, refer to*[*Section 5.0: Rescan an Azure Connection*](/docs/fortanix-key-insight-user-interface-components-azure#50-rescan-an-azure-connection)*.* ### 3.3 Keys by Status This section provides a summary of Azure keys categorized by their status: - **Enabled**: The count of Azure keys that are enabled and are shared by multiple Azure services. - **Disabled rotation**: The count of Azure keys for which the rotation is disabled. - **Not activated**: The count of Azure keys that are not activated. - **Platform managed keys**: These are encryption keys automatically created and managed by Microsoft Azure to provide transparent data encryption for Azure resources. Customers do not have access to these keys and cannot configure, rotate, or manage them. In Fortanix Key Insight, platform-managed keys are discovered and classified to support asset inventory, visibility, and audit reporting.. - **Customer managed keys**: These are encryption keys that are created, owned, and managed by customers using Azure Key Vault or Azure Managed HSM. Customers have full control over key lifecycle management, including defining access policies, granting permissions, scheduling key rotation, and even importing external keys. Fortanix Key Insight offers comprehensive visibility and governance for customer-managed keys, including usage analytics, risk scoring, rotation tracking, and compliance assessments. Click the **Keys by Status** label, and each key type will go to the corresponding list view. ### 3.4 Keys by Type This section displays a count of key specifications across all Azure subscriptions included in the scan. For the Azure CSP, it shows the total number of keys that are present in all the Azure cloud subscriptions based on the applied policy. Click any key type to navigate to its corresponding list view. ### 3.5 Top Subscriptions by Key Count and Status This section lists, in descending order, the top five subscriptions with the greatest number of keys since the last key scan operation. The count for each subscription includes both enabled and disabled keys. Blue indicators represent enabled keys, while Orange indicators represent disabled keys. Click a subscription ID to open the list view showing all keys in that subscription. ### 3.6 Key Vaults by Service Tier This section provides a summary of the number of key vaults in the Azure Premium Key Vault and Azure Standard Key Vault service tiers. Click each label or count to access its corresponding list view. ### 3.7 Protected Services This section presents a summary of the comparison between the number of **Microsoft managed keys, Customer managed keys,** and **Unencrypted services** for Azure services. - The purple color cell indicates **Microsoft managed keys**. - The blue color cell indicates **Customer managed keys**. - The teal blue color cell indicates **Unencrypted services**. Clicking each service takes you to the respective list view. ## 4.0 Assessments After adding an Azure connection, you can access the Fortanix Key Insight **Assessment** page from the left navigation panel. The **Assessment**page shows: - Key security posture details of the Azure cloud subscriptions. - Violations that must be remediated to improve the security status. - Remediation advice to improve the security status. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_Azure Assessment(10).png) **Figure 2: Azure assessment report** > [!NOTE] > NOTE > > If you added an external key source during the Azure cloud connection onboarding, the **Assessment** page displays the total key count, reflecting the correlated keys from the external key source after a successful scan. ### 4.1 Risk Score This section provides the overall risk score of the Azure keys and services. The following are the different risk score categories and their associated risks: - **High** – A high score signifies the total number of shared keys, overly permissive (usage) keys, keys with rotation disabled, keys without expiry, and non-compliant keys in use. - **Critical** – A critical risk score indicates the total number of unencrypted Azure cloud services detected that need attention. - **Medium** – A medium risk score indicates the total number of CSP-generated, service encrypted with soft-deleted keys, and overly permissive (management) keys in use. - **Good** – A good risk score signifies that no risks have been identified, or only minimal risks are present. The overall risk score is prioritized based on the number of risks, in order of severity from highest to lowest: - Critical - High - Medium - Good Click each risk label or count to access its corresponding list view. ### 4.2 Service Violations For an Azure CSP, this section provides insights into service violations across your Azure cloud environment. You can view the total number of Azure cloud subscriptions and their associated services, along with specific violations tied to each service. These violations may result from issues such as the use of shared, deleted, or soon-to-be-deleted keys, excessive permissions, non-compliant configurations, or unencrypted keys. This information helps you identify which services are at risk, enabling you to implement unique, compliant, and encrypted keys to strengthen your security posture. Also, - Risk levels for each service are color-coded for easier identification and prioritization. - Select **VIEW ALL** to navigate to the **Services** page and explore all key-related violations for each service. - Click any service to view a detailed list of the top 10 key violations associated with it, sorted by severity. Select any violation type to navigate to its corresponding full list. - Click **BACK** to navigate to the service violations card view ### 4.3 Top Security Issues This section provides the following information about the keys: - **Shared Keys**: Displays the total number of keys in the Azure cloud subscription shared by two or more services for encrypting the services. Shared keys increase security risk, and this information will help you determine which keys are at risk so that you can use unique encryption keys for better security. - **Exportable Keys**: Displays the number of Azure keys marked as exportable. Exportable keys are high-risk and vulnerable. This information will help in marking these high-risk keys as non-exportable. - **Services using Platform Managed Keys**: These represent Azure services that automatically encrypt customer data using platform-managed encryption keys, which are fully controlled by Azure and are not accessible for customer-based configuration or lifecycle management. Encryption is applied by default and transparently. Fortanix Key Insight detects these services and associates them with their respective platform-managed keys, providing insight into Azure’s default encryption behavior. - **Unused keys**: Displays the total number of Azure keys that remain unused for encryption in the scanned data and supported services. You can use this information to identify and remove unused keys for enhanced security. > [!NOTE] > NOTE > > Fortanix Key Insight recommends removing any unused keys from your Azure cloud as a best practice. - **Expired Keys**: Displays the number of keys that have passed their expiration date. This information helps you review these expired keys and delete them. - **Non-compliant keys**: Displays the total number of keys in the Azure cloud subscription that are violating the cryptographic policy that is set for a Fortanix Key Insight account. This information will help you determine which keys are non-compliant with the Key Insight account's Cryptographic policy so that you can generate new keys to encrypt the Azure services. Any key that utilizes the following algorithm and key size combinations is considered **Non-Compliant** in Fortanix Key Insight, according to the National Institute of Standards and Technology (NIST) 800-57 standard: The non-compliant keys increase the data security risk. They will be flagged as vulnerabilities on the **Keys** page. Fortanix Key Insight recommends using stronger key algorithms and ensuring that the key strength aligns with your defined policies and NIST standards. - **AES**: Any key size less than 128 bits. - **3DES**: Keys with sizes 112 bits and 168 bits. - **DES**: Keys with size 56 bits. - **RSA**: Keys with a size less than 2048 bits. - **DSA**: Keys with a size less than 2048 bits. - **ECC**: Keys with a size less than 224 bits. - **HMAC**: Keys with a size less than 112 bits. - **PQC readiness:**Indicates the percentage of your Azure cryptographic assets that are currently quantum-safe, showing your Azure cloud environment's preparedness for post-quantum cryptography (PQC). This percentage reflects the portion of assets using PQC-compliant algorithms or configurations. Clicking the percentage value takes you to the **PQC Central** page, where you can view detailed data for the corresponding Azure connection and assess the readiness of individual assets. - **Overly permissive keys [Usage]**: Displays the total number of Azure keys with excessive usage permissions. These keys can potentially cause service violations and carry a high-risk score. This information helps analyze key usage to improve security. The overly permissive keys (usage) analyze the associated [Role Assignments](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest) of a key, listing all granted service principals and corresponding [Role Definitions](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list), to determine if more than one Azure service principal can perform cryptographic operations on a key. It analyzes `DataActions` and `NotDataActions` of a corresponding role definition to ascertain the authorization of assigned service principals for cryptographic operations. - **Overly permissive keys [Management]**: Displays the total number of Azure keys with excessive management permissions. Keys with overly permissive management permissions can lead to service violations and are assigned a medium risk score. This information helps analyze key usage to enhance security. The overly permissive keys (management) analyze the associated [Role Assignments](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-list-rest) of a key, listing all granted service principals and corresponding [Role Definitions](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-definitions-list), to determine if more than two Azure service principals are authorized for management action operations. It analyzes `Actions` and `NotActions` of a corresponding role definition to ascertain the authorization of assigned service principals for management action operations. > [!NOTE] > NOTE > > Fortanix Key Insight recommends reviewing and revalidating the Azure key policies as a best practice to avoid overly usage and management permissions. Click each top security issue to access its corresponding list view. ### 4.4 Download Assessment Report Click **DOWNLOAD REPORT** on the top-right corner of the **Assessment** page to view the **Data Security Assessment Report**for the Azure subscription in PDF format. The report will open in the **Print** dialog box, where you can choose to print it or save it locally to your machine as needed. ## 5.0 Rescan an Azure Connection Click **RESCAN** on the top right corner of the **Overview** or **Assessment** page to perform a rescan and verify if any keys have been added, deleted, or updated in the Azure CSP organization. If you click **RESCAN**and start the scan, you can monitor the progress bar while running. After the scan is completed successfully, - The **Last scanned** label will be updated with the completion date and time. - The **Overview** page will reflect the new state of the Azure CSP keys and services. > [!NOTE] > NOTE > > The **RESCAN** option is accessible only to users with the **Account Administrator** and **Group Administrator** roles. ## 6.0 Keys After onboarding the Azure connection, click **Keys** in the Fortanix Key Insight left navigation panel to access the Azure keys details. Clicking **Keys** will take you to the **Keys** page that shows a map of all the Azure subscriptions. On the **Keys**page, you can switch between the **LIST** and **GRAPH**views using ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_AWS%20View%20Switcher(1).png) toggle on the top left corner. The **LIST** view is selected by default. ### 6.1 List View The keys list view displays all keys in a table, along with details such as key name, version, state, violations, owners, usage description, specification, creation date, expiration date, rotation date, key vault, and region. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_Azure Keys List(7).png) **Figure 3: Azure keys list view** - Use the **Search** field to filter keys based on the available criteria and supported values. For example: - Key Id - Key Name - Key Rotation: Enabled, Disabled - Click ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/gcp-connection---user-interface-components-image-oikbq2v5.png) in the top-right corner of the table to customize which columns are displayed, beyond the default six. - Click**EXPORT** to export the scanned keys data. *For more information, refer to*[*Section 8.0: Export Scanned Data*](/v1/docs/fortanix-key-insight-user-interface-components-azure#80-export-scanned-data)*.* - Click ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/gcp-connection---user-interface-components-image-ouncgje0.png) in the **VIOLATIONS** column to view detailed information about the associated vulnerabilities. #### 6.1.1 Add Key Details You can assign owners to the scanned keys to enhance key management, simplify tracking, and improve remediation workflows. Perform the following steps to add the key(s) details: 1. Select the check box (![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image(133)(2).png)) next to the required key(s) in the list. 2. Click **ADD DETAILS** in the top right corner. > [!NOTE] > NOTE > > If your Azure connection was last scanned before the Fortanix Key Insight 25.03 release and a new scan was not performed, clicking the **ADD DETAILS** option will show a **Rescan Required to Add Details** dialog box. To ensure your key details are correctly added, you must rescan the Azure connection and then add the key details. > > *For more information on how to perform a rescan, refer to*[*Section 5.0: Rescan an Azure Connection*](/docs/fortanix-key-insight-user-interface-components-azure#50-rescan-an-azure-connection)*.* 3. In the **Add Details** dialog box: > [!NOTE] > NOTE > > To add ownership details, specifying a primary owner is mandatory before adding a secondary owner. On the **Keys** page, the primary and secondary owners’ names or employee IDs and email addresses will appear in the **OWNERS** column, and the description will appear in the **USAGE** **DESCRIPTION** column. - **Primary owner**: Enter the primary owner’s name or employee ID. - **Email ID**: Enter the primary owner’s valid email ID. - Click **ADD SECONDARY OWNER** to add the secondary owner’s details, if required. - **Description (Optional)**: Enter an optional description. - Click **ADD** to add the ownership details to the selected key(s). > [!NOTE] > NOTE > > Only users with **Account Administrator** permissions can add or edit key details. #### 6.1.2 Edit Key Details You can modify the details of the selected key(s). Perform the following steps to edit the key(s) details: 1. Select the check box (![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image(133)(1).png)) next to the required key(s) in the list. 2. Click **EDIT DETAILS** in the top right corner of the table. 3. In the **Edit Details** dialog box, update the required values. 4. Click **UPDATE** to apply the changes. #### 6.1.3 View Key Details Click any **key name** in the **Keys** list to view its properties, rotation history, associated violations, and service mappings. - The**KEY DETAILS** tab displays the key’s properties, ownership information (if provided), and automatic rotation policy details. If required, click **EDIT DETAILS** on the **Ownership** section to update the ownership details for the selected key. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764325853006.png) **Figure 4: Access key details view** > [!NOTE] > NOTE > > The **Key Correlation** section is visible only if an external key source (Fortanix DSM SaaS or On-Premises) has been configured for the Fortanix Key Insight Azure cloud connection. You can filter the correlated keys using the **Key Correlation = Correlated**attribute. > > For a selected correlated key in the list, this section displays details such as the key source, key source type, last correlated date, and source key ID. Click the **Key ID** to navigate to Fortanix DSM SaaS and view the key details. > > ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764325876006.png) > > **Figure 5: Access key correlation section** - The **VIOLATIONS** tab displays the violations associated with the key. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764325912009.png) **Figure 6: View key violations** - The **SERVICE MAPPING** tab displays the mapping between the key and Azure service(s), if any. You can view the details of the key and its associated services through **Legends**. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764325929747.png) **Figure 7: Key and service mapping** ### 6.2 Graph View The graph view shows the following information: - For every Azure subscription, it shows the Azure Key Vault names and resource groups that it belongs to, and for each Key Vault, it shows the map of all the keys in that account that are used to encrypt the Azure services. - Each key displays the services encrypted by it. - If a key is used by more than one Azure service, is non-compliant, and has over-usage or management permissions, then it shows a vulnerability warning. Key Insight recommends proceeding with the appropriate action items to minimize those warnings. - The keys display the non-compliance vulnerabilities based on the configured key sizes and types, per the National Institute of Standards and Technology (NIST) standards specified in the applied Key Insight policy. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764325946603.png) **Figure 8: Clickable points in the map** - Click various points in the key map to go to the tabular view of that entity. For example, click the key vault icon ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_Azure Key Vault Icon.png)) for the Azure subscription to go to the tabular view of the key vault. - Filter the keys by **Subscriptions, Resource group name, Key name, Key version, Vulnerabilities**, and **Services** on the key map. Perform the following steps to apply the filter on the key graph: 1. Click the **Services** drop down to select or search keys by a service. For example, select **SQL**. 2. Click **SEARCH**. You will see that the key map displays only the keys that encrypt the **SQL**. ## 7.0 Services After onboarding an Azure connection, click **Services** on the left navigation panel to navigate to the **Services** page, which shows a map of all the Azure services (Azure Storage Accounts, Managed Disks, SQL, AKS, ACI, ABS, and Cosmos DB) grouped by the Azure subscription. > [!NOTE] > NOTE > > Fortanix Key Insight currently supports scanning all Azure Cosmos DB cloud resources, if they are "single deployments". For clustered variants, it supports scanning only the **Cosmos DB for MongoDB** cluster. On the **Services** page, you can switch between the **LIST**and **GRAPH** views using ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_AWS%20View%20Switcher(1).png) toggle on the top left corner. The **LIST** view is selected by default. ### 7.1 List View The services list view displays all services in a table, along with details such as name, type, encryption, violations, resource group, region, and subscription. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764326022600.png) **Figure 9: Azure services list view** - Click **ENCRYPTION** column values to check whether the service was encrypted. - Click ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_Violation Icon(1).png) in the **VIOLATIONS** column to view detailed information about the associated vulnerabilities. - Use the **Search** field to filter services based on the available criteria and supported values. For example: - Subscription - Subscription ID - Encryption: Encrypted, Unencrypted - Click **EXPORT** to export the scanned services data. *For more information, refer to*[*Section 8.0: Export Scanned Data*](/v1/docs/fortanix-key-insight-user-interface-components-azure#80-export-scanned-data). #### 7.1.1 View Service Details You can click any Azure service name in the **Services** list to view its configuration details and associated violations. - The **SERVICE DETAILS** tab displays the service configurations and associated keys data. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764326225010.png) **Figure 10: Access services details view** > [!NOTE] > NOTE > > The **Key Correlation** section is visible only when the selected service is encrypted and associated with a correlated key from an external key source connection. You can filter the correlated data using **Name** attribute. This section displays details such as the key source, key source type, last correlated date, and source key ID. Click **Key Id** to navigate to Fortanix DSM SaaS to view the corresponding key details. > > ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764326242099.png) > > **Figure 11: Key correlation in Azure service details page** - The **VIOLATIONS** tab displays the violations associated with the service. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764326283680.png) **Figure 12: View service violations** ### 7.2 Graph View In the services graph view, the services are grouped into the following categories, and you can also view the total counts for services, violations, subscriptions, and regions within each category: - **Service Type**: Selecting this category allows you to view all services grouped by type**and their corresponding risk levels. The color of each service indicates its associated risk level. This category is selected by default. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_Azure Services by Type.png) **Figure 13: Access services graph view** Click any service to view the types of violations for that service and the count for each violation, sorted by severity, if applicable. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_Azure Services by Specific Type.png) **Figure 14: Select and view Azure service details** - Clicking a specific violation in the list will take you to the corresponding service list view, filtered accordingly. - **Violation Type**: Selecting this category allows you to view all services grouped by violation type, along with their corresponding risk levels. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_Azure Services Graph by Violations(1).png) **Figure 15: Azure services by violation types** Click any violation to view the types of services that share the violation and the count for each service type, if applicable. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_Azure Services Graph by a specific Violations.png) **Figure 16: Select and view Azure service violations details** - Clicking a specific service type in the list will take you to the corresponding service list view, filtered accordingly. - **Subscriptions and Regions**: Selecting this category allows you to view all services grouped by different subscriptions and regions, along with their associated risk levels. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_Azure Services by Subscriptions and Regions(3).png) **Figure 17: Azure services by subscriptions and regions** Click any subscription and region to view the associated resource groups and services that share the same subscription and region. ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_Azure Services by a specific Subscriptions and Regions.png) **Figure 18: Azure service subscription details** - Click any resource group to view each service's regions and service count, if applicable. - Click any service to view the types of violations and the count for each violation, sorted by severity, if applicable. - Click a specific service type in the list will take you to the corresponding service list view, filtered accordingly. You can filter the services by **Subscription**, **Resource Group**, **Region**, **Service Type**, and **Vulnerability** for each category explained in [*Section 7.2: Graph View*](/v1/docs/fortanix-key-insight-user-interface-components-azure#72-graph-view). For example, to filter services by **Region**, 1. Select the **Group by:** category. For example, **Service Type**. 2. Click the **Region** drop down to select the region. For example, **east-us**. 3. Click **APPLY**. The **Services** page will display only the services for the selected region. Additionally, the count for the total number of services, violations, regions, and accounts shown in the top bar will be updated accordingly. Click **RESET** to clear all filters or select the **All (Default)** option from the dropdown in the desired filter to reset that specific filter. ## 8.0 Export Scanned Data This feature allows you to export the Azure scanned key and service-related data from Fortanix Key Insight in **Comma-Separated Values (CSV)** format. Also, it provides flexibility, enabling you to download data for detailed analysis, audits, or reporting, and to access real-time status. In the Azure **Keys** and **Services** list view, click **EXPORT** to export the scanned data using any of the available options: ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image-1764326359025.png) **Figure 19: Access data export feature** - **Export current page**: Use this option to export all column data from the current page in CSV format. > [!NOTE] > NOTE > > You can download a maximum of 100 items at a time, based on the settings specified in the **Items per page** drop down. - **Export all raw data:**Use this option to****export all scanned data shown in the keys and services tables in CSV format. If you select this option, you can read the details on the **Export All Raw Data** dialog box and click **PROCEED** to export all the data. After the export process begins, you can track its progress. The export status will be logged with a message on the **Activities** tab in Fortanix Key Insight. *For more information, refer to*[*Section 8.1: View Export Activities*](/v1/docs/fortanix-key-insight-user-interface-components-azure#81-view-export-activities)*.* - **Export selected rows**: This option is disabled by default. You can select the check box (![image.png](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/image(133).png)) next to the required rows on the current page and export them in CSV format using this option. > [!NOTE] > NOTE > > - Users with the **Account Administrator** and **Group Administrator** roles can only perform the scanned data export. > - Within a single account, multiple exports can run concurrently across different connections (cloud, on-premises, external key sources, and vendor applications). ### 8.1 View Export Activities After you initiate the export process using **Export All Raw Data**, you can track the export status in the **Activities**menu located in the left navigation panel. The following details are available for each export activity: - Name of the activity. For example, the activity would be named **Export_all_keys_vaults** if you had exported all the Azure keys. - Name of the file. For example, **Azure Keys.csv**. - Activity status indicates the current state of the data export. This can be any of the following: - **Completed**: The data export has been successful, and the CSV file will automatically download to the location specified on your local machine. - **In Progress**: The data export is in progress, and you can cancel it using ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_AWS Resume Activity.png) if required. - **Cancelled**: The data export has been canceled due to switching accounts or manually canceling it while it was in progress. - **Failed**: The data export was not completed and failed due to errors. - Name of the connection - Export creation date and time ![](https://cdn.us.document360.io/c3bd85d2-4ad8-4d85-9f60-f1c168a3aad9/Images/Documentation/KI_Azure Activities.png) **Figure 20: Access Azure export activities** > [!NOTE] > NOTE > > - If you switch to a different account during export, the export will be cancelled and logged in the **Activities** tab. > - If you navigate to a different solution (for example, Identity and Access Management), the export will continue, but no logs will appear in the **Activities** tab. The export status will be confirmed using a toast message. > - If you refresh the web page during the export, the confirmation dialog box will appear. If you refresh, the export will be cancelled, and all entries in the **Activities** tab will be removed. Therefore, it is recommended not to refresh the page during the export. Fortanix Key Insight identifies encryption keys and data services across on-premises and hybrid multicloud environments, providing a unified dashboard for tracking key mappings and cryptographic security. It offers security and compliance teams data-driven insights to assess risks, align with best practices, and meet industry regulations. Iy also supports continuous risk mitigation and crypto-agility, adapting to evolving security needs, including preparation for the post-quantum era. ## Related - [Getting Started with Cloud Connection](/fortanix-key-insight-getting-started-with-cloud-connection.md) - [Overview and Definitions](/fortanix-ccm-overview-and-definitions.md) - [Fortanix DSM with Ansible Lookup Plugin](/fortanix-dsm-with-ansible-lookup-plugin.md) - [AWS Connection - User Interface Components](/fortanix-key-insight-user-interface-components-aws.md) - [Getting Started](/fortanix-dsm-cloud-data-control-getting-started.md)