HERE'S WHY
An inventory of your assets is typically in scope for a SOC 2 audit. To aid in your audit preparation, Drata helps build this inventory for you.
BEFORE DIVING IN
You will need to make sure an active Azure connection has been set up in Drata in order to use this feature. Go to the Microsoft Entra Connection Details page to learn how to create an Azure connection in Drata.
There are a total of 12 Azure services Drata supports:
Azure Virtual Machines
Azure Container Apps
Azure Container Registry
Azure Kubernetes Service
Azure Blob Storage
SQL Database
Database for MySQL
Database for PostgreSQL
Database for MariaDB
Cosmos DB
Front Door
Azure Virtual Network
Only the primary owner is imported into Drata for each Azure virtual asset.
HERE'S HOW
Azure asset inventory
Navigate to the asset section from the left nav.
From the Asset Inventory table, you can now filter Azure assets by selecting the appropriate values for the 'Types' and 'Providers' filters. For items pulled in directly from Azure, the Type will always be 'Virtual', and the Provider will always be 'Azure'.
To automatically populate the Owner field, Drata first checks whether each asset has manually assigned Azure native owners. If none are found, the owner at the subscription level is used instead. In either case, the owner is matched against a Drata Personnel profile and checked for active employment status. If multiple owners are attached to a single Azure asset, only the first owner who matches a Personnel profile and is an active employee is used to fill the asset Owner field. If no matching Personnel profile can be found, the owner falls back to the user who created the Azure connection in Drata. If no Azure connection user can be found, the asset is assigned to the first admin.
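As an added illustration of the owner-resolution order described above (this is not Drata's code), the following Python model applies the same precedence to constructed sample data. The Personnel and AzureAsset shapes, the e-mail identifiers and the sample records are all assumptions made for the example.

```python
"""Model of the Azure asset owner-resolution order described in the article (illustrative, not Drata's code)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Personnel:
    email: str
    active: bool  # active employment status in Drata


@dataclass
class AzureAsset:
    resource_id: str
    native_owners: List[str] = field(default_factory=list)        # manually assigned Azure owners
    subscription_owners: List[str] = field(default_factory=list)  # owners at the subscription level


# Constructed sample Personnel profiles (assumed data, keyed by e-mail).
SAMPLE_PERSONNEL: Dict[str, Personnel] = {
    "alice@example.com": Personnel("alice@example.com", active=False),
    "bob@example.com": Personnel("bob@example.com", active=True),
    "carol@example.com": Personnel("carol@example.com", active=True),
}


def first_active_match(candidates: List[str], personnel: Dict[str, Personnel]) -> Optional[str]:
    """Return the first candidate that matches a Personnel profile AND is an active employee."""
    for email in candidates:
        person = personnel.get(email)
        if person is not None and person.active:
            return person.email
    return None  # nobody in this list qualifies


def resolve_owner(asset: AzureAsset, personnel: Dict[str, Personnel],
                  connection_user: Optional[str], first_admin: str) -> str:
    """Precedence: native owners -> subscription owners -> connection creator -> first admin."""
    owner = first_active_match(asset.native_owners, personnel)
    if owner is None:
        owner = first_active_match(asset.subscription_owners, personnel)
    if owner is None and connection_user is not None:
        owner = connection_user  # fallback: user who created the Azure connection
    if owner is None:
        owner = first_admin      # last resort: first admin
    return owner
```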
Azure allows users to move resources to a different subscription or resource group, which changes the Resource ID associated with the asset. In this case, a new record of the asset will be created with the updated subscription or resource group info.
As with previous assets, you will also see a 'notes' section for each asset on the far right of the asset row. This will allow you to add any notes or even an asset tag.
Daily asset sync
Your Azure asset inventory will never be outdated, since Drata syncs the asset list on a daily basis. If Drata is pulling in assets from your Azure instances that are not in scope for your audit, add an Azure tag called 'DrataExclude' to them within your Azure portal. More information on how to do that can be found here: https://help.drata.com/en/articles/5352047-exclusion-tags-within-azure
If an asset is synced, and then the DrataExclude tag is added, upon the next sync Drata will mark that asset with a timestamp in the "Deleted On" column.
If the DrataExclude tag is added before the asset is synced for the first time, Drata will not import this asset at all.